altai access controller configuration manual _ v2.0
TRANSCRIPT
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 1/110
ALTAI ACCESS CONTROLLER
CONFIGURATION MANUAL
Version 2.0
Date: April, 2014
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 2/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
About this document
SummaryChapter Description
Chapter1 Preface Introduce the document briefely
Chapter2 Product Introduction Introduce the product
Chapter3 System Features Introduce system features
Chapter4 Peparation beforeInstallation
Introduce preparation befored device’s installation
Chapter5 Initial Configuration Introduce device’s booting and basic configurations
Chapter6 WEB Configurations Introduce WEB configurations
Chapter7 FAQ Introduce FAQ
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 3/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Contents
1
PREFACE ............................................................................................................................. I
1.1
CONVENTIONS ........................................................................................................ I
1.2
SYMBOLS .................................................................................................................. I
2
PRODUCT INTRODUCTION ............................................................................................... 3
2.1
OVERVIEW ............................................................................................................... 3
3
SYSTEM FEATURES ............................................................................................................. 3
3.1
PROTOCOL SUPPORT ............................................................................................. 3
3.2
USER MANAGEMENT AND BUSINESS SUPPORT .................................................... 4
3.3
NETWORK SECURITY ............................................................................................... 4
3.4
NETWORK MANAGEMENT ..................................................................................... 5
4
PREPARATION BEFORE INSTALLATION ............................................................................. 6
4.1
PRECAUTIONS BEFORE OPERATION...................................................................... 6
4.2
ENVIRONMENT REQUIREMENTS ............................................................................. 6
4.3
INSTALLATION SAFETY REQUIREMENTS .................................................................. 6
4.4
TOOLS NEEDED ....................................................................................................... 7
5
INITIAL CONFIGURATION ................................................................................................. 8
5.1
CLI OVERVIEW ........................................................................................................ 8
5.1.1
USER MODE ................................................................................................... 8
5.1.2
PRIVILEGED MODE ....................................................................................... 9
5.1.3
ROM MONITOR MODE ................................................................................. 9
5.1.4
GLOBAL CONFIGURATION MODE .............................................................. 9
5.1.5
SYSTEM DESCRIPTION ................................................................................... 9
5.1.6
SYSTEM IP ADDRESS CONFIGURATIONS ..................................................... 9
5.1.7
VERSION BOOTING ..................................................................................... 10
5.2
LOGIN ACCESS PLATFORM ................................................................................. 14
5.2.1
LOGIN BY CONSOLE INTERFACE ............................................................... 14
5.2.2
LOGIN BY TELNET ........................................................................................ 14
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 4/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.3
LOGIN MANAGEMENT PLATFORM ..................................................................... 15
5.3.1
LOGIN BY CONSOLE INTERFACE ............................................................... 15
5.3.2
LOGIN BY TELNET ........................................................................................ 15
5.3.3
LOGIN BY WEB ............................................................................................ 15
5.4
SYSTEM UPDATE .................................................................................................... 16
5.4.1
UPDATE UNDER ROM MONITOR MODE ................................................... 17
5.4.2
UPDATE BY FTP ............................................................................................ 18
5.4.3
UPDATE BY WEB .......................................................................................... 21
5.5
UPLOAD/DOWNLOAD CONFIGURATION FILES ................................................. 24
5.5.1
UPLOAD CONFIGURATION FILES ............................................................... 24
5.5.2
DOWNLOAD CONFIGURATION FILES ....................................................... 25
5.6
GLOBAL CONFIGURATIONS ................................................................................ 25
5.6.1
LOGIN SETTINGS .......................................................................................... 25
5.6.2
SET SYSTEM NAME ....................................................................................... 25
5.7
INTERFACE CONFIGURATIONS ............................................................................ 26
5.7.1
CREATE A SUBINTERFACE ........................................................................... 26
5.7.2
SET VLAN ...................................................................................................... 26
5.7.3
CONFIGURE IP ADDRESS ............................................................................ 27
5.7.4
ENABLE OR DISABLE SUBINTERFACE ......................................................... 27
5.7.5
CONFIGURE THE WORK MODE FOR INTERFACE ..................................... 27
5.7.6
CONFIGURE WORK RATE FOR INTERFACE ............................................... 27
5.7.7
CONFIGURE INTERFACE’S DESCRIPTION................................................ 28
5.7.8
CHECK INTERFACE...................................................................................... 28
5.7.9
APPLICATION EXAMPLE ............................................................................. 28
5.8
IP CONFIGURATIONS ............................................................................................ 28
5.8.1
CONFIGURE STATIC IP ADDRESS ............................................................... 28
5.8.2
CONFIGURE IP FORWADING FEATURE ..................................................... 28
5.9
RADIUS CONFIGURATIONS .................................................................................. 29
5.9.1
OVERVIEW ................................................................................................... 29
5.9.2
CONFIGURE AC AS RADIUS CLIENT .......................................................... 29
5.10
DOMAIN CONFIGURATIONS ............................................................................... 31
5.10.1
OVERVIEW .................................................................................................. 31
5.10.2
DEFINE DOMAIN’S NAME ....................................................................... 31
5.10.3
CONFIGURE RADIUS SERVER .................................................................... 32
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 5/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.10.4
CONFIGURE DNS SERVER ......................................................................... 32
5.10.5
CONFIGURE DOMAIN WITHOUT AUTHENTICATION AND ACCOUNTING33
5.10.6
CONFIGURE SERVICE STRATEGY FOR DOMAIN ..................................... 33
5.10.7
CONFIGURE REAL-TIME ACCOUNTING ................................................... 33
5.10.8
CHECK DOMAIN CONFIGURATIONS ...................................................... 34
5.11
SERVICE STRATEGY CONFIGURATIONS .............................................................. 34
5.11.1
OVERVIEW .................................................................................................. 34
5.11.2
BROADBAND STRATEGY CONFIGURATIONS .......................................... 34
5.11.3
FILTERING STRATEGY CONFIGURATIONS ................................................. 35
5.11.4
SERVICE STRATEGY CONFIGURATIONS ................................................... 38
5.12
INTERNAL PORTAL CONFIGURATIONS ................................................................ 38
5.12.1
CONFIGURE PORTAL SERVER ................................................................... 38
5.12.2
CONFIGURE AC-NAME ............................................................................. 39
5.12.3
CONFIGURE NAS-ID HOT-CODE .............................................................. 39
5.13
IP POOL CONFIGURATIONS ................................................................................ 39
5.13.1
CONFIGURE LAYER2 IP POOL .................................................................. 39
5.13.2
CONFIGURE LAYER3 IP POOL .................................................................. 41
5.14
BUSINESS APPLICATION CONFIGURATIONS ....................................................... 42
5.14.1
ADDRESS MANAGEMENT FOR FIT AP ...................................................... 42
5.14.2
BUSINESS CONFIGURATION FOR DHCP+WEB ACCESS ......................... 43
5.15
NAT CONFIGURATIONS ........................................................................................ 46
5.15.1
STATIC NAT ................................................................................................. 46
5.15.2
DYNAMIC NAT ........................................................................................... 47
5.15.3
PAT .............................................................................................................. 47
5.17
HOT STANDBY CONFIGURATIONS ....................................................................... 48
5.17.1
OVERVIEW .................................................................................................. 48
5.17.2
COMMAND ............................................................................................... 48
6
WEB CONFIGURATIONS ................................................................................................. 50
6.1
LOGIN BY WEB ...................................................................................................... 50
6.2
BASIC SETTINGS ..................................................................................................... 52
6.2.1
AC CONFIGURATION ................................................................................. 53
6.2.2
AC HOTSTANDBY ........................................................................................ 55
6.2.3
RADIUS SERVER ........................................................................................... 56
6.2.4
AS SERVER ................................................................................................... 58
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 6/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.2.5
NTP SERVER .................................................................................................. 58
6.2.6
SYSLOG CONFIGURATION ......................................................................... 59
6.2.7
AP VERSION ................................................................................................. 60
6.2.8
VERSION SERVER ......................................................................................... 61
6.2.9
ROUTING ...................................................................................................... 62
6.2.10
ETHERNET INTERFACE INFORMATION ...................................................... 63
6.2.11
WAPI CERTIFICATE ..................................................................................... 63
6.2.12
AC ADVANCED ......................................................................................... 64
6.2.13
TUNNEL CONFIGURATION ........................................................................ 65
6.2.14
MULTIPLE ACCESS BOARDS CONFIGURATION ....................................... 66
6.2.15
AC UPGRADE ............................................................................................ 67
6.2.16
SYSTEM INFORMATION .............................................................................. 68
6.2.17
AC LICENSE ................................................................................................ 68
6.3
WIRELESS SETTINGS ............................................................................................... 69
6.3.1
WIRELESS BASIC........................................................................................... 70
6.3.2
WIRELESS ADVANCED ................................................................................ 72
6.3.3
WIRELESS CHANNEL .................................................................................... 73
6.3.4
PAYLOADBALANCE .................................................................................... 74
6.3.5
AP BACKGROUND SCAN .......................................................................... 75
6.3.6
CAPWAP TIMER ........................................................................................... 76
6.4
WIRELESS SECURITY ............................................................................................... 77
6.4.1
MAC FILTER .................................................................................................. 77
6.4.2
WLAN SECURITY .......................................................................................... 78
6.4.3
INTRUSION DETECTION SETTINGS ............................................................... 80
6.4.4
DYNAMIC BLACKLIST .................................................................................. 81
6.5
WLAN ..................................................................................................................... 81
6.5.1
AP CONFIGURATION .................................................................................. 82
6.5.2
WLAN GROUPS ........................................................................................... 84
6.5.3
TIME POLICY GROUPS ................................................................................ 87
6.5.4
AP POLICY APPLY ....................................................................................... 88
6.5.5
WLAN-VLAN ASSOCIATION ....................................................................... 88
6.6
STATISTICS .............................................................................................................. 88
6.6.1
AP INFORMATION ....................................................................................... 89
6.6.2
AP SOFTWARE UPGRADE ........................................................................... 91
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 7/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.6.3
WIRELESS RADIO STATISTICS ....................................................................... 92
6.6.4
WIRELESS USER LIST ...................................................................................... 92
6.6.5
INTRUSION DETECTION STATISTICS ............................................................. 93
6.6.6
CYCLE OF REPORTING AP STATISTICS ....................................................... 93
6.7
ROGUE AP ............................................................................................................. 94
6.7.1
ROGUE AP ................................................................................................... 95
6.7.2
PERMITTED BSSID LIST .................................................................................. 95
6.7.3
PERMITTED SSID LIST .................................................................................... 96
6.8
LOG........................................................................................................................ 96
6.8.1
OPERATION LOG ........................................................................................ 96
6.8.2
OPERATION LOG HOLD TIME .................................................................... 98
6.8.3
ALARM LOG ................................................................................................ 98
6.8.4
AP LOG ........................................................................................................ 98
6.8.5
INTRUSION DETECTION LOG ...................................................................... 99
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 8/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Content of Figures
Figure 5-1 Topology .................................................................................................................... 10
Figure 5-2 System Booting .......................................................................................................... 11
Figure 5-3 Auto-boot procedure(management platform)............................................... 11
Figure 5-4 Configure the Dialog(Access Platform) ............................................................ 13
Figure 5-5 Configuration File Booting(Access Platform) .................................................... 13
Figure 5-6 Login access platform by console interface ........................................................ 14
Figure 5-7 Login Management Platform .................................................................................. 15
Figure 5-8 Login Management Platform by WEB .................................................................... 16
Figure 5-9 Topology under ROM MONITOR Update............................................................... 17
Figure 5-10 the Topology for Update by FTP ........................................................................... 19
Figure 5-11 the Topology for Update by WEB ......................................................................... 22
Figure 5-12 Security Alarm ......................................................................................................... 22
Figure 5-13 Access Controller Login Screen ............................................................................ 23
Figure 5-14 AC Upgrade ............................................................................................................... 23
Figure 5-15 AC Upgrade ............................................................................................................... 24
Figure 5-16 AC Upgrade ............................................................................................................... 24
Figure 6-1 Access Controller Login Screen .............................................................................. 51
Figure 6-2 Access Controller Main Menu ................................................................................. 51
Figure 6-3 Basic Settings ............................................................................................................. 53
Figure 6-4 AC Configuration ...................................................................................................... 54
Figure 6-5 AC Hotstandby.......................................................................................................... 56
Figure 6-6 Radius List ................................................................................................................... 57
Figure 6-7 Radius Servers Edit..................................................................................................... 57
Figure 6-8 AS Server Configuration ........................................................................................... 58
Figure 6-9 AC NTP Configuration .............................................................................................. 59
Figure 6-10 SYSLOG Configuration............................................................................................ 59
Figure 6-11 AP Version Information Edit ................................................................................... 60
Figure 6-12 Version Server List .................................................................................................... 61
Figure 6-13 Version Server Edit ................................................................................................... 61
Figure 6-14 Route Information of Management Platform ........................................................ 62
Figure 6-15 Management Platform Route Edit .......................................................................... 62
Figure 6-16 Ethernet Interface Information ................................................................................ 63
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 9/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-17 WAPI Certificate ........................................................................................................ 63
Figure 6-18 WAPI Certificate Edit ................................................................................................. 63
Figure 6-19 AC Advanced ........................................................................................................... 64
Figure 6-20 Tunnel Configuration ................................................................................................. 65
Figure 6-21 Multiple Access Boards Configuration .................................................................... 66
Figure 6-22 Multiple Access Boards Configuration .................................................................... 66
Figure 6-23 AC Upgrade ............................................................................................................... 67
Figure 6-24 AC Upgrade Success ................................................................................................ 67
Figure 6-25 System Information .................................................................................................... 68
Figure 6-26 AC License ................................................................................................................. 68
Figure 6-27 Wireless Basic Settings ............................................................................................... 70
Figure 6-28 Wireless Advanced Settings ..................................................................................... 72
Figure 6-29 Wireless Channel Configuration .............................................................................. 73
Figure 6-30 Payloadbalance Configuration .............................................................................. 74
Figure 6-31 Payloadbalance Configuration by Flow Control .................................................. 75
Figure 6-32 AP Background Scanning ........................................................................................ 76
Figure 6-33 CAPWAPTimer Configuration ................................................................................... 77
Figure 6-34 MAC Filter ................................................................................................................... 77
Figure 6-35 WLAN Security Policy List........................................................................................... 78
Figure 6-36 Intrusion Detection Settings ...................................................................................... 80
Figure 6-37 Dynamic Blacklist ....................................................................................................... 81
Figure 6-38 AP Configuration ....................................................................................................... 82
Figure 6-39 WLAN Group Configuration ..................................................................................... 84
Figure 6-40 Time Policy Group...................................................................................................... 87
Figure 6-41 Time Policy Group...................................................................................................... 87
Figure 6-42AP AP Policy Apply ..................................................................................................... 88
Figure 6-43 WLAN-VLAN Association ........................................................................................... 88
Figure 6-44 AP List .......................................................................................................................... 89
Figure 6-45 AP Security Mode ...................................................................................................... 89
Figure 6-46 Parameters of AP Online Scanning ......................................................................... 90
Figure 6-47 AP Software Upgrade ............................................................................................... 91
Figure 6-48 Configuration of AP upgrading ............................................................................... 91
Figure 6-49 Wireless Radio Statistics ............................................................................................. 92
Figure 6-50 Wireless User List ......................................................................................................... 92
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 10/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-51 Cycle of Reporting AP Statistics ............................................................................... 93
Figure 6-52 Rogue AP List .............................................................................................................. 95
Figure 6-53 Permitted BSSID List .................................................................................................... 95
Figure 6-54 Permitted SSID List ...................................................................................................... 96
Figure 6-55 Operation Log Search .............................................................................................. 96
Figure 6-56 Operation Log Query Results ................................................................................... 97
Figure 6-57 Log Saving Remote FTP Server ................................................................................. 97
Figure 6-58 Alarm Log ................................................................................................................... 98
Figure 6-59 AP Log ......................................................................................................................... 98
Figure 6-60 Intrusion Detection Log .......................................................................................... 99
Content of Tables
Table 6-1 Description of Access Controller Main Menu ......................................................... 52
Table 6-2 AC Configuration ....................................................................................................... 54
Table 6-3 Configuration Parameters of AC Hotstandby ........................................................ 56
Table 6-4 Radius Server Configuration ..................................................................................... 57
Table 6-5 AS Server Configuration ............................................................................................ 58
Table 6-6 AC NTP Configuration ............................................................................................... 59
Table 6-7 SYSLOG Configuration............................................................................................... 60
Table 6-8 AP Version Information Edit ...................................................................................... 60
Table 6-9 Version Server Edit ...................................................................................................... 62
Table 6-10 Management Platform Route Edit ........................................................................... 63
Table 6-11 WAPI Certificate Edit .................................................................................................. 64
Table 6-12 AC Advanced ............................................................................................................ 65
Table 6-13 Tunnel Configuration.................................................................................................. 65
Table 6-14 Multiple Access Boards Configuration ..................................................................... 66
Table 6-15 AC Upgrade ................................................................................................................ 67
Table 6-16 AC License Parameter Settings ................................................................................ 69
Table 6-17 Wireless Basic Settings ................................................................................................ 70
Table 6-18 Wireless Advanced Settings ...................................................................................... 72
Table 6-19 Wireless Channel Configuration ............................................................................... 74
Table 6-20 Payloadbalance Configuration ............................................................................... 74
Table 6-21 AP Background Scanning ......................................................................................... 76
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 11/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Table 6-22 CAPWAP timer configuration .................................................................................... 77
Table 6-23 MAC Filter .................................................................................................................... 78
Table 6-24 WLAN Security Policy .................................................................................................. 79
Table 6-25 Intrusion Detection Settings ....................................................................................... 80
Table 6-26 AP Configuration ........................................................................................................ 83
Table 6-27 WLAN Configuration .................................................................................................. 85
Table 6-28 Time Policy Group....................................................................................................... 87
Table 6-29 AP List ........................................................................................................................... 89
Table 6-30 Parameters of AP Online Scanning .......................................................................... 90
Table 6-31 Configuration of AP upgrading ................................................................................ 91
Table 6-32 Wireless User List .......................................................................................................... 92
Table 6-33 Rogue AP Configuration ........................................................................................... 95
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 12/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
1 Preface
1.1 Conventions
Altai wireless access controller (hereinafter called AC) provides a
managemental platform for broadband wireless access service, which is
oriented to broadband wireless access ISP and enterprises with wireless
access. It fully supports the over-all operation and management solution for
broadband wireless access.
The manual introduces the system function, structure, specification, and
basic settings of Altai AC, as a convenience for engineers’s maintenance.
1.2 Symbols
1. Labels
Format Meaning
[ ]―【】‖represents window name, menu, and data sheet, such as‖promt 【New
Built Users】‖
/Multi-menus is separated by―/‖. For example , ―Click 【Basic Settings】/【AC
Upgrade】‖ means the screen prompt is to configure AC upgrade.
2. Safety Symbols
The document adopts the following symbols to inform readers of safety
requirements. Please read them before use the device.
Safety Symbols Meanings
Safety symbols:
Danger stands for a big potential harm
to human body if not avoided.
Warning stands for a big potentialdamage to device or business if not
avoided.
Attention stands for a moderate
damage to device or business if not
avoided.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 13/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Danger Electricity! Be aware ofelectricity shock.
Danger Laser! Be aware of laserdanger.
Danger Microwave! Be aware of
microwave dager.
Danger Hot! Be aware of hot danger.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 14/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
2 Product Introduction
2.1 Overview
Altai AC provides a managemental platform for broadband wireless
access service, which is oriented to broadband wireless access ISP and
enterprises with wireless access. It fully supports the over-all operation and
management solution for broadband wireless access.
Altai AC adopts advance technology of network processing and data
exchange bus. It provides a high forwarding compacity and protocol
processing ability, strengthening the processing of user management,
network security, accounting and netrwork management.
Altai AC provides various network access methods to support user
management with abundant network ptotocols and flexible accountings. It
provides different interface configurations and strict network security to avoid
attack from outside. Meanwhile it is easy to manage for a rich network
management methods.
3 System Features
3.1 Protocol Support
Support Ethernet Protocols like IEEE 802.3u, 802.3z, 802.3 , 802.1q, 802.1p,
802.3x
Support IP Protocols like IP, TCP, UDP, ICMP
Support static route protocols
Support protocols like TELNET, HTTP, FTP, RADIUS
Support DHCP Relay and DHCP Server
Support ARP, and PROXY ARP
Support NAT
Support IGMP Proxy
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 15/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
3.2 User Management and Business Support
Support MAC, port, VLAN, and IP address binding
Support user’s mult-access like fixed port, VLAN, MAC/IP address, PPPOEand DHCP
Support users to get VLAN information automatically and support one
user only user one IP address
Support user business management
Support rate restriction, bandwidth restriction for users, and different
upstream or downstream bandwidth for various users
Support route strategy
Support various QoS strategies
Support RADIUS as proxy server to realize the function of authentication,
accounting and authorization
Support IP strategy for various users
Support back-up Radius Server and account checking server
Support different service authorizations for various users, like time strategy,
flow stragety, bandwidth strategy and route strategy
Supply informations pointed to users like syslog and staristics
Support VLAN authentication, local authentication, and local account
Support account block
Support PPPOE quick-dial
Support VLAN’s user number restriction
Support one or more ISP, at most 256
3.3 Network Security Support PAP and CHAP
Support RADIUS authenticaiton
Support users’ binding of MAC address, VLAN, Port, IP Address, and
sesstions
Support anti-attack for user’s DHCP IP address
Support secure network management
Support WEB authentication
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 16/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Support 802.1x authenticaiton
3.4 Network Management Specified network interface like 10M/100M/1000M Ethernet interface and
Console interface
Support specified port as network port
Support Telnet management
Support graded SNMP
Support dynamic online update
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 17/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
4 Preparation before Installation
4.1 Precautions before Operation
To avoid personal injury and device harms, please follow the precautions
listed here.
1. Before clean the device, please unplug the power plug. Don’t wipe
device with a damp cloth, and no liquid cleaning at the same time.
2. Don’t lay the device near water or places too moisted.
3. Don’t lay device on unsteady chest or table.
4. Keep room with good ventilation and keep device ventilation holes
clear.
5. Make sure device is working under right voltage.
6. Don’t open the shell while device is running, and for safety consideration
try your best not to open the shell at will.
7. Wear an ESD wrist while replacing interface modules.
4.2 Environment Requirements
The device must work in room. No matter where the device is laid down,
please make sure device runs under the following environment conditions.
1. Make sure there is enough room for ventilation holes.
2. Make sure the rack or platform where device laid with a good ventilation
system.
3. Make sure the rack and platform is solid enough to bear the device and
other mounting accessories.
4. Make sure the rack and platform with a good ground connection.
5. The room should keep its temperature between 0℃ and 40℃, relative
humidity 5%~95%, dust(whose diameter≥5μm) density ≤3 × 104 pieces
/m3.
4.3 Installation Safety Requirements
1. Eclectrical Precautions
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 18/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
To example device’s internal structure, please unplug all the power plug
and cables. Be care of voltage.
The chasiss needs no maintainence. Please do not open the shell.
2. To operate the chasiss, please follow the rules listed here.
(1) Before install or uninstall the chasiss, please cut off all the power.
(2) Do no changes to system, avoiding potential harms to devices or
engingeers.
(3) After maintainence, please tighten all the screws on board or
power.
3. ESD Harms Avoidance
Since the components are sensitive to Electro Static Discharge, please
follow the rules listed here.
(1) Wear an ESD wrist while operating any system board.
(2) While carry the borad please lay your hand on the holders. The
board not used should be stored with electrostatic shield
protection.
4.4 Tools Needed
Before installing the device please prepare the following tools.
1. #1 srewdriver
2. #12-24 screw or #10-32 screw
3. Corresponding socket wrench for power screw
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 19/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5 Initial Configuration
5.1 CLI Overview
The user interface is CLI(Comand-line Interface), which provides a
textual interface for terminal users. All the CLI commands consist of key words
and parameters.
CLI consist of several modes, under which the related commands will be
fully operated. Some commands can only run in related modes and some
others can sun in all modes. CLI will stop at user mode after booting, whichallows users to check system running state. However user mode could not
allow users to change system state, which could be modified in privileged
mode. With ―enable‖ command, users can go to privileged mode.
In privileged mode input ―config terminal‖, users can go to global
configuration mode. By inputing disable, users will go back to user mode and
by <ctrl+z>, end, or exit will go back to privileged mode.
Input‖?‖ could inquiry all available commands under the mode. While
input question mark, there would prompt a list of keywords.
Under any mode, using tab will fill in the whole command automatically.
While inputing some command, push tab will prompt a list of possible
commands. All the commands support uncomplete form like just a few words
to stand for the whole command. Of course the form should not be
ambiguous. For example conf can stand for configure, but co could not
stand for it because co could not make a distinction between configure and
copy.
Most command support keyword of no. With ―no‖ command, the relatedcommand will be deleted.
The following part will describe each mode.
5.1.1 User Mode
Login by telnet or console, you have to input user name and password. In
user mode, users can only inquire configurations except for system
configuration file.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 20/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
In user mode, system prompt is【hostname】>.
5.1.2
Privileged Mode
After login user mode, input enable and the password of privileged mode,
you can login in privileged mode. In this mode, you can write and have some
complex operation. The system prompt is【hostname】#.
5.1.3 ROM Monitor Mode
ROM Monitor Mode is a running mode under abnormal instance. While
the device is abnormally booting or the device could not find sytem image,
then AC will go into ROM Monitor mode, which allow you to boot the system
manually.
Of course you can go to ROM Monitor mode by input CTRL+C while
system is booting in 5 seconds with console interface connected.
5.1.4 Global Configuration Mode
Global configuration mode will allow you to configure AC. The command
will change the running mode and take effect immediately. In globalconfiguration mode, the command in user mode and privileged mode will be
useless. After login into privileged mode, you do not need to input any
password just input configure terminal, you will go to global configuration
mode. The system promt is【hostname(config)】#.
5.1.5 System Description
There are three operation systems on AC for management platform,
access platform and fast forwarding platform.
5.1.6 System IP Address Configurations
For IPV4, all the IP address for management platform must be configured
in virtual port. For example, ifconfig eth7 12.12.12.1 netmask 255.255.255.0. At
the same time, the IP(12.12.12.1)must be configured in access platform
according to business. For the IP on access platform, to configure a default IP
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 21/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
on management platform is enough. There is no need to copy all the IP of
acess platform.
5.1.7 Version Booting
Connect AC and version server as follows.
Figure 5-1 Topology
The following figure shows the procedures of system booting.
AC
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 22/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 5-2 System Booting
Power on
Boot System
Load Operate System
Locate Operation System
Locate Configuration
File
Load Configuration File
Configure Mode
Initialize COnfiguration
If not found
If found
Power on AC and system will run POST( Power-On Self-Test,POST )
procedure to boot system.
The program will print information to control table and then boot
hardware component. After that the program will copy OS image to main
store. Before this, the program will print ―Booting in 5 units. Press Ctrl + C to
abort...‖ and wait for 5 seconds. If users press ―CTRL-C‖ during this time, system
will go ROM-monitor mode.If users not, system will boot automatically.
Figure 5-3 Auto-boot procedure(management platform)
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 23/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Connect console cable to access platform. After the power transferredto OS image, the software booting initializes like kernel booting, application
program booting, and network processor booting. After the booting, system
will look for the configuration file created and saved before from flash. If there
is no such file ,system will operate the Setup Dialog. Once finish the dialog, the
next booting will be loaded with default values.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 24/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 5-4 Configure the Dialog(Access Platform)
If system find the file, there will promt information of ―Press 'CTRL-C' to stop
running startup-config...‖ and wait for 3 seconds. If users press―CTRL-C‖ during
this time ,the configuration file will not be executed.
Figure 5-5 Configuration File Booting(Access Platform)
Right now the system boot successfully.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 25/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.2 Login Access Platform
5.2.1 Login by Console Interface
There are two console interfaces on front panel. Console0 is to manage
the Management Platform and Console1 the Access Platform. The Fast
Forwarding Platform is managed through the Access Plarform.
Connect to Console1 with baud rate 115200.
Figure 5-6 Login access platform by console interface
User Name: bnas
Password: bnas
Privileged Mode Password: super
5.2.2 Login by Telnet
Input the IP address and the port number of 23.
User Name: bnas
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 26/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Password: bnas
Privileged Mode Password: super
5.3 Login Management Platform
5.3.1 Login by Console Interface
Connect Console 0 Interface with baud rate 115200.
Figure 5-7 Login Management Platform
User Name: root
Password: fitap^_^
5.3.2 Login by Telnet
Input the IP address of Management Platform, which should be the same
with that of the Access Platform. Port 87 is suggested.
User Name: root
Password: fitap^_^
5.3.3 Login by WEB
Open IE web brower and input https://x.x.x.x (the IP address of
Mangement Platform).
User Name: icac
Password: icaclogin
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 27/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 5-8 Login Management Platform by WEB
5.4
System UpdateBefore introduce the three update mehod, there are three points should be
aware.
Firstly, there are two platforms of management platform and access
platform. To visit management platform, the device must be connected with
an Ethernet interface. The IP and mask of the interface should be
configured both on management and access platform.
Secondly, IP address must be configured on the right interface. For
access platform, the interface should be the one physically connected. For
example, if interface0 is connected to version server then the IP must be
configured on interface0. However for management platform, the IP can
only be configured on interface7, which is a virtual interface and can
communicate with any interface on the access platform.
Thirdly, bootloader is a driver for system update. If there is a need to
update a new version, we will supply one.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 28/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.4.1 Update under ROM MONITOR Mode
If there is need to change or update AC’s software, please follow the
following steps.
1. Topology
Please make sure AC can communicate with version server and connect
AC’s console interface.
Figure 5-9 Topology under ROM MONITOR Update
2. Make sure there is a new version on version server. Suppose the version is
saved at d:\ Altai-AC with a file name as MIPS_1018L1.8V8.10_R29_T15;
3. Enable tftp server on version server and make its working directory as d:\
Altai-AC;
4. Enable hyper terminal on version server and set the frequency as
115200B/S;
5. Power on Altai AC;
6. While seeing ―Booting in 5 units, Press Ctrl + C to abort...‖ please press
Ctrl-C in 5 seconds.
7. Input ―cc‖to configure version update parameters:
AC
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 29/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
boot device : gmac0 <-//AC’s uplink port with version
server
ip address : 10.9.0.22 <-//IP of ethernet interface
subnet mask : 255.255.255.0 <-//subnet mask
gateway : 10.9.0.21 <-//IP of gateway
tftp host ip address : 10.9.0.21 <-//IP of version server or tftp server
ac file name : MIPS_1018L1.8V8.10_R29_T15 <-//version to be update
8. input ―@@‖ and then press enter to trigger loading system. If it does not
work, input―@@‖and press enter again.
9. After the system is successfully udated, system will go to management
platform. Show version information with―cat /proc/rmi/mips-version‖:
# cat /proc/rmi/mips-version
the running version:
MCR_rmios_1.0.8.10C31
MCR_vxWorks_1.0.8.10C42
cwc_1.0.1.8C48M_MIPS
MIPS_1018L1.8V8.10_R29_T15
dev-boot-version:C16
next-boot-active-version:version0
5.4.2 Update by FTP
Update by FTP needs to save the version to be update on AC. Each time
when AC reboots, system will read version information. There can be saved
two versions at most, ―version0‖and―version1‖.
1. Topology
Please make sure AC can communicate with version server and connect
AC’s console interface.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 30/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 5-10 the Topology for Update by FTP
2. Save a new version on version server and suppose it is saved at
d:\Altai-AC with a file name of MIPS_1018L1.8V8.10_R29_T15 Version
name must start with―MIPS‖;
3. Enable ftp server and make its working directory as d:\Altai-AC;
4. Configure IP for management platform and access platform, and make
sure AC can visit version server. (suppose the IP is 221.162.62.137).
Configure IP for management platform:
# ifconfig //optional command, by this you can show all the management pla
tform interface information
# ifconfig eth7 221.162.62.137 netmask 255.255.255.0 //requied command, to co
nfigure IP for management platform. No matter which interface is used on access pl
atform, the IP for management platform can only be configured on eth7.
# ifconfig eth7 //show IP of eth7 interface
eth7 Link encap:Ethernet HWaddr 00:08:D2:00:00:08
inet addr:221.162.62.137 Bcast:221.162.62.255 Mask:255.255.255.0
For a notice, if eth7 is not configured rightly, you can input ―ifconfig eth7
up‖and then configure it again.
5. Configure IP for access platform:
Suppose Altai AC is connected to version server by interface0.
AC
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 31/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Altai-AC (config)# interface GigabitEthernet 1/0.0 //enter interface0 configuration
mode
Altai-AC (config-interface)# ip address 221.162.62.137 255.255.255.0 //configure IPan
d subnetmask for interface0. It is must be the same with that of eth7 interface.
After configuration to check the information with―show
running-config‖.
6. Configure version server’s IP as 221.162.62.12(the IP must be in the same
network segment). Input ―ping 221.162.62.12‖ on management and
access platform to make sure the two platforms can communicate with
version server. For a notice, you must press―CTRL-C‖ to stop the Ping
program on management platform.
Show version information on Altai AC.(optinal command)
# cat /proc/rmi/mips-version
MCR_rmios_1.0.8.10C29
MCR_vxWorks_1.0.8.10C39
cwc_1.0.1.8C46M_MIPS
MIPS_1018L1.8V8.10_R29_T13 //the running version is MIPS_1018R29T13
dev-boot-version:C16
next-boot-active-version:version0 //if reboot version0 will be active( MIPS_1018L1.8
V8.10_R29_T13)
7. Upload new version on AC by FTP. Enable CMD and follow the steps
listed here.
D:\>cd /Altai-AC //enter into the save directory of MIPS_1018L1.8V8.10_R29_T15
D:\ Altai-AC>ftp 221.162.62.137 //login to AC’s management platform by FTP. With
command of―by‖, you can quit the ftp mode.
Connected to 221.162.62.137
… …
User (221.162.62.137:(none)): root //input user name of management platform and pre
ss enter.
331 User root OK. Password required
Password: //input password and press enter
230 OK. Current directory is /root
ftp> put MIPS_1018L1.8V8.10_R29_T15 //upload MIPS_1018L1.8V8.10_R29_T15 to manage
ment platform
… …
ftp: 发送 45223563 字节,用时 16.86Seconds 2682.46Kbytes/sec. //upload successfully
show the version updated on management platform
# ls
MIPS_1018L1.8V8.10_R29_T15 //the version has been uploaded to management platfo
rm
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 32/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
If you need to update versions, input the following command. (Suppose version0 sta
nds for MIPS_1018L1.8V8.10_R29_T13 and the version to be update is MIPS_1018L1.8V
8.10_R29_T15):
# version upgrade0 //update version0. If there is a need to update version1, then
change the command as version upgrade1
0:EXT2-fs warning: maximal mount count reached, running e2fsck is recommended
To activate version please input the following command, which will take effect on t
he next booting.
# version active0 //activate version0 0:Done.
Show version information.
# cat /proc/rmi/mips-versionthe running version:
MCR_rmios_1.0.8.10C29
MCR_vxWorks_1.0.8.10C39
cwc_1.0.1.8C46M_MIPS
MIPS_1018L1.8V8.10_R29_T13 //the running version is MIPS_1018R29T13
dev-boot-version:C16
next-boot-active-version:version0 //for the next boot system will load version0
# reboot //reboot system
After reboot, input ―cat /proc/rmi/mips-version‖ on management
platform to show version information.
―version0‖is just a mark, standing for the new version updated.
―version1‖is also follow this principle.
There is no priority between version0 and version1. If you input―version
active0‖then version0 will be loaded at next reboot. Version 1 is the same
case. Svae two versions is just for backup use.
5.4.3 Update by WEB
The user can replace or upgrade Altai ACsystem software according to the
following steps.
1. Topology
Please make sure AC can communicate with version server and connect
AC’s console interface.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 33/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 5-11 the Topology for Update by WEB
Configure IP address for management platform and access platform to make
sure that AC can visit version server. Please refer to ―Update by FTP‖ for the
specific configuration methods.(Assuming 221.162.62.137 is the interface
address)。
Open the web browser on the version server, and input the following
address in the address bar https://221.162.62.137.
Notice:
The beginning of Website is ―https‖. Click ―Yes‖ while the following screen
prompt.
Figure 5-12 Security Alarm
AC
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 34/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Input the user name of ―icac‖ and the password of‖icaclogin‖.
For a notice, the user name and password is case sensitive.
Figure 5-13 Access Controller Login Screen
Click 【Basic Settings】,【AC Upgrade】,and AC upgrade screen will prompt
on the right. If you want to set version0 as the current version, please select
version0 and click ‖Set as current version‖ .
Figure 5-14 AC Upgrade
After updating the current version the following screen will prompt, and
don’t reboot right away. If you want to modify the real version which ―Current
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 35/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Version‖ refers to,please click‖Browse‖,and select the version need to
upgrade. Click ―Upload‖ to wait for version’s upload.
Figure 5-15 AC Upgrade
Figure 5-16 AC Upgrade
Finally, click ‖reboot‖. After reboot, the version update will take effect.
5.5 Upload/Download Configuration Files
5.5.1 Upload Configuration Files
Users can upload configuration files to remote fit server to backup, in
case of accidental damage. You can upload the active configuration files or
other files specified.
For a notice, there are only two configuration files on system. One is the
running system in use and the other is the backup file on local.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 36/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following command can be used to upload configuration files.
ftp put filetype /tffs/nmconf [ localfile {/tffs/nmconf | /tffs/nmconf1} ]
remotefile filename
filetype- type of the configuration files uploaded
localfile-name of the configuration file uploaded
remotefile- the name of configuration file needs to be uploaded
5.5.2 Download Configuration Files
Users can download configuration files remotely to recover system.
ftp get filetype /tffs/nmconf remotefile filename
filetype- type of the file
remotefile- name of the file
5.6 Global Configurations
5.6.1 Login Settings
hostname(config)#local-user username user password passsword
service-type all level priv-level
hostname(config)#enable secret super
For a notice, three could be multiply user names and password but only one
privilieged name.
Default settings are listed here.
User Name: bnas
Password: bnas
Privilieged Mode Password: super
5.6.2 Set System Name
BNAS(config)# hostname Altai-AC
Altai-AC (config)#
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 37/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.7 Interface Configurations
Fast Ethernet Interface and Gigabit Ethrenet Interface shoule be set in tht
form of subinterface. Please follow the steps listed here to configure. Create a Subinterface(Required)
Create Vlan(Optinal)
Set IP Address(Required)
Enable or Disable Subinterface(Optinal)
Configure the working mode of the interface(Optinal)
Configure the working rate of the interface(Optinal)
5.7.1 Create a Subinterface
Altai-AC(config)# interface GigabitEthernet interface-specifier
interface-specifier defines the interface in form of slot/port.subif. Slot stands
for the interface module, port the port number, and subtif the subintreface
number. For example,
Altai-AC(config)# interface GigabitEthernet 1/0.1
The command means subinterface1 is created on module1 and port 0.
For a notice, the fast Ethernet module number is 1 and the port number is from
0 to 5. The subinterface number could not be omitted and should lie in the
range of 0~255.
The command to configure Ethernet interface is the same with that of SFP
interface. For a physical interface, it could only be a SFP interface or an
Ethernet interface.
5.7.2 Set Vlan
If there is an existing VLAN, please configure the VLAN before you set IP
address for the created subinterface.
Altai-AC(config-interface)# vlan id vlan-id
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 38/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.7.3 Configure IP Address
IP Address can be a secondary assress except the primary address, but all the
IP Address in the system should not be crossovered.
Altai-AC(config-interface)# ip address ip_address ipMask [ secondary ]
5.7.4 Enable or Disable Subinterface
Altai-AC(config-interface)# shutdown
Altai-AC(config-interface)# no shutdown
5.7.5 Configure the Work Mode for Interface
Configure the work mode for interface as auto, full-duplex, or half-duplex.
Altai-AC(config-interface)# duplex duplex-mode
For a notice, the work mode will take effect for the whole interface. If there
are plenty of subinterfaces are configured under a work mode, the last
configuration will take effect.
While constructing networks, please keep all the decives are working in the
same work mode.
5.7.6 Configure Work Rate for Interface
Configure interface’s work rate as auto, 1000m, 100m, 10m, fiber and copper.
Altai-AC(config-interface)# speed speed-mode
For a notice, the work rate will take effect on the whole interface. If there are
plenty of subinterfaces are configured under a work rate, the last
configuration will take effect.
While configure SFP interface as an electrical module, the work mode must
be speed mode, but while as a Ethernet interface, the mork mode could notbe configured as speed auto.
You can not configure the same interface both as SFP indteface and
Ethernet interface at the same time.
While constructing networks, please keep all the decives are working in the
same work rate.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 39/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.7.7 Configure Interface’s Description
Altai-AC(config-interface)#description String
5.7.8 Check Interface
Altai-AC# show interface gigabitEthernet 1/ port
The command above will display all the details on the interface, like interface
state,message statistics, and flow rate.
5.7.9 Application Example
The following example configures a Gigabit Ethernet Interface.
Altai-AC(config)# interface GigabitEthernet 1/0.0
Altai-AC(config-interface)# ip address 10.10.5.1 255.255.255.0
Altai-AC(config-interface)# duplex full
Altai-AC(config-interface)# end
Altai-AC#show interface gigabitEthernet 1/0
5.8 IP Configurations
5.8.1 Configure Static IP Address
Altai-AC(config)# ip route ipAddress ipMask ipNextHop
For example,
Altai-AC(config)# ip route 10.0.0.0 255.255.255.0 192.168.26.33
Altai-AC(config)# ip route 0.0.0.0 0.0.0.0 192.168.25.1
Notice:
The ipNextHop must be the IP Address of direct connected network. It could
not be any interface’s IP Address. If ipAddress and ipMask is configures as 0, it
stands for a default toute.
5.8.2 Configure IP Forwading Feature
There are two IP forwarding features. One is for user to visit AC and the other is
for users to visit each other. The two configurations should be set at the same
time.
Altai-AC(config)# ip forward bnas-access enable/disable user-access
enable/disable
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 40/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
bnas-access is used to configure whetehr users can visit AC or not.
user-access is used to configure whetehr users can visit each other or not.
Notice:
This command is a global configuration, which will take effect on all users.
The following example means users can visit AC but can not visit each other.
Altai-AC(config)# ip forward bnas-access enable user-access disable
5.9 RADIUS Configurations
5.9.1 Overview
Remote Authentication Dial In User Service (RADIUS) is a
networking protocol that provides centralized Authentication, Authorization,
and Accounting (AAA) management for computers to connect and use a
network service. RADIUS is a client/server protocol that runs in the application
layer, using UDP as transport.
5.9.2 Configure AC as Radius Client
Before make any settings, please make sure there is a subinterface could
reach Radius Server.
1. Access to Radius Cilent Configuration Mode(Required)
2. Configure IP Address(Required)
3. Configure a Port to Authenticate(Optional)
4. Configure a Port to Account(Optional)
5. Check whether the configuration is taking effect or not.
5.9.2.1 Access Radius Client Configuration Mode
All the configuration should be set in radius client configuration mode.
Altai-AC(config)#radius-client
Altai-AC(radius-client)#
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 41/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.9.2.2 Configure IP Address
The IP address for Radius Client should be a subinterface’s IP address, and the
subinterface should be able to reach Radius Server.
Altai-AC(radius-client)#ipaddress A.B.C.D
5.9.2.3 Configure an Authentication UDP Port
The port number is 1645 by default. If there is a need to chage, please use the
following command.
Altai-AC(radius-client)# auth-port port
The port number should be the same with that of Radius Server.
The following command can change port number to default value.
Altai-AC(radius-client)# no auth-port
5.9.2.4 Configure an Account UDP Port
The port number is 1646 by default. If there is a need to chage, please use the
following command.
Altai-AC(radius-client)# account-port port
The port number should be the same with that of Radius Server.
The following command can change port number to default value.
Altai-AC(radius-client)# no account – port
5.9.2.5 To Confirm the Configuration with Show Command
Altai-AC# show running-config
Altai-AC# show radius client
5.9.2.6 Application Example
Suppose there is subinterface with IP address 192.168.25.234, and Radius
Client can use this IP address to communicate with Radius Server. The
authentication poar numner is 1812 and the Account port number 1813.
Altai-AC(config)#radius-client
Altai-AC(radius-client)#ipaddress 192.168.25.234
Altai-AC(radius-client)# auth-port 1812
Altai-AC(radius-client)# exit all
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 42/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
With show command as follows, you can see the configuration has been
updated.
Altai-AC#show running-config
... ...
interface FastEthernet 1/0.3
vlan id 4095
ip address 192.168.25.234 255.255.255.0
radius-client
ipaddress 192.168.25.234
auth-port 1812
account-port 1813
... ...
Altai-AC#show radius client
5.10 Domain Configurations
5.10.1
Overview
Domain in this paper could stand for certain ISP, or kinds of service like
viewing webpage or VOD. It also could be the combinantion of ISP and
service.
5.10.2 Define Domain’s Name
Define domain’s name and access to a sub-configuration mode.
Altai-AC(config)# domain domainname
Users can input usrname@domainname to select a domain in web brower or
SIM Dialer.
Users can use default domain to access by configuring a domain named
―default‖.
Altai-AC(config)# domain default
If the domain name is not configured on AC or users do not input any domain
name, AC will put these users to a default domain to authenticate and
account.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 43/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.10.3 Configure Radius Server
There is a radius server for each domain and the radius server should be
configured in chapter 5.9. Therefore AC can choose different authentication
and accounting servers according to various domains.
Altai-AC(domain)# radius server A.B.C.D authentication
Altai-AC(domain)# radius server E.F.G.H accounting
Once users choose a domain, they actually slect an authentication server
and accounting server.
Meanwhile AC supports backup authentication server, accounting server,
and accounting checking server.
5.10.3.1 Backup Server
The configuration of backup server is the same with master server.
Altai-AC(domain)# radius server I.J.K.L authentication
Altai-AC(domain)# radius server M.N.O.P accounting
That is to say the server configured first is master server and the other backup
server.
The following command is used to cancel configurations either on master or
backup server.
Altai-AC(domain)#no radius server x.x.x.x {authentication | accounting}
If the configuration on master server is canceld, the backup server will
become master server.
5.10.3.2 Account Checking Server
Configure account checking server.
Altai-AC(domain)# radius server A.B.C.D dup-accounting
Cancel the configurations.
Altai-AC(domain)#no radius server A.B.C.D dup-accounting
5.10.4 Configure DNS Server
The radius server doesn’t issue DNS, users can use the DNS server configured
for domains. Othervise, users can use the DNS issued by radius server.
Altai-AC(domain)# dns A.B.C.D E.F.G.H
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 44/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
A.B.C.D is the primary DNS IP address and E.F.G.H is that of secondary DNS.
For a notice, the DNS server configured in domain only takes effect on users
who assess by PPPOE but not DHCP and Fixed IP.
5.10.5 Configure Domain without Authentication and Accounting
If a domain is defined not to authenticate, then the users accessed by this
domain will be authenticate directly by AC. And AC will not send request
package to radius server to ask for authentication.
IF a domain is defined not to account, for the users accessed by this domain
will not be accounted. And AC will not send start and stop package to radius
server.
Altai-AC(domain)# aaa authentication none
Altai-AC(domain)# aaa accounting none
The following command will recover the domain as an accounting or
authentication domain.
Altai-AC(domain)# aaa authentication radius
Altai-AC(domain)# aaa accounting radius
Altai-AC(domain)# no aaa authentication
Altai-AC(domain)# no aaa accounting
5.10.6 Configure Service Strategy for Domain
Altai-AC(config)# domain domainname
Altai-AC(domain)# service-policy spname -spname is the service strategy
defined in AC.
5.10.7 Configure Real-time Accounting
Altai-AC(config)# domain domainname
Altai-AC(domain)# interim-time timenum - timenum is the interval for
real-time accounting.
Notice:
AC supports configuring real-time accounting interval and the interval
returned from radius server. If the two intervals exist at the same time, the
interval returned from radius server has a higher priority.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 45/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.10.8 Check Domain Configurations
Altai-AC # show domain-name domain-name
Altai-AC # show all domain-name
5.11 Service Strategy Configurations
5.11.1 Overview
Service strategy includes broadband and filtering strategy.
Broadband strategy can control data flow, which could meet ISP’s service for
different users. Filtering strategy will allow different users to asscess different
wensite.
Before specify service strategy to users, you must configure broadband, route
and filtering stragety. Please follow the following steps to configure.
Configure broadband and filtering strategy
Specify broadband and filtering strategy in service strategy list
According to different users choose different service strategy
Notice:
All the service strategy only takes effect on the users who access after theservice is configured. If a strategy is modified, the users who access before
the modification will not be influenced.
5.11.2 Broadband Strategy Configurations
5.11.2.1 Configure a Name for Broadband Strategy
Altai-AC(config)# rate-policy bandname
Altai-AC (rate-policy)#
5.11.2.2 Configure Bandwidth
Configure upstream and downstream bandwidth.
Altai-AC (rate-policy)# downstream number1 number2
Altai-AC (rate-policy)# upstream number3 number4
The unit for downstream and upstream broadband is bytes per second. The
meanding for each number is listed here.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 46/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
number1:the average bytes for each second in downstream
number2:the outbreak bytes for each second in downstream
number3:the average bytes for each second in upstream
number4:the outbreak bytes for each second in upstream
Notes:
The average flow control stands for the maximum data allowed in one
second. The outbreak flow control stands for the maximum data allowed in
0.25s.
The following command will delete the specified broadband strategy.
Altai-AC(config)# no rate-policy policyname
5.11.2.3 Show Broadband Strategy
Altai-AC # show rate-policy bandname
Altai-AC # show all rate-policy
5.11.3 Filtering Strategy Configurations
5.11.3.1 Overview
One filtering strategy consists of several filtering rules, at most 16.
To configure filtering strategy, you have to create filtering rules at first and
then assign them to filtering strategy.
5.11.3.2 Configure Filtering Rules
The following command is used to configure filtering rules.
rule rule-name {permit | deny} {ip | tcp | udp} src-ip src-mask [src-port]dest-ip dest-mask [dest-port]
·rule-name – the name of filtering rules, at most 15 characters
·permit – allow package to pass through
·deny – refuse package to pass through
·ip – operate on IP package
·tcp – operate on tcp package
·udp – operate on udp package
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 47/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
·src-ip – the source IP of this filtering rule
·src-mask – the mack of source IP
·src-port – the port of source tcp/udp, which is optional
·dest-ip – the destination IP of this rule
·dest-mask – the mask of destination IP
·dest-port – the port of destination tcp/udp, which is optional
Notice:
1. While configuring filtering rules, you have to specify the operation of permit
or deny, the protocol of ip, tcp, or udp. If it is tcp or udp, you have to assign
tcp or udp port at the same time.
2. If the rule is configured for all IP address, the IP and mask should be set as
0.0.0.0.
3. If the rule is configured for one specified IP, the mask should be set as
255.255.255.255.
4. If the tcp or udp port is set as 0, the filtering rule will take effect on all tcp or
udp port.
Example 1:
Suppose portal’s IP is 202.104.108.115, the following fitering rule will allow users
tovisit Portal Server.
Altai-AC(config)# rule portal permit ip 0.0.0.0 0.0.0.0 202.104.108.115
255.255.255.255
Example 2:
The following filtering rule allow any DNS package to pass through.
Altai-AC(config)# rule dns permit udp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0
53
Example 3:
Suppose user is located at 10.10.0.0 network, and the following rule allow
users to visit this network segment.
Altai-AC(config)# rule wan permit ip 10.10.0.0 255.255.0.0 10.10.0.0
255.255.0.0
5.11.3.3 Delete Filtering Rules
The command here will delete filtering rules.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 48/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
no rule rule-name
For example,
Altai-AC(config)# no rule wan
5.11.3.4 Configure Filtering Strategy
Configure a name for filtering strategy.
Altai-AC(config)# filter-policy filter-name
Altai-AC(filter-policy)#
Assign filtering rules for filtering strategy, at most 16.
Altai-AC(filter-policy)# fi lter-rule filter-nameFor example,
Altai-AC(config)# filter-policy wan-policy
Altai-AC(filter-policy)# filter-rule portal
Altai-AC(filter-policy)# filter-rule dns
Altai-AC(filter-policy)# fi lter-rule wan
Altai-AC(filter-policy)# end
5.11.3.5 Delete Filtering Strategy
Use no command to delete a defined filtering strategy.
Altai-AC(filter-policy)# no filter-rule filter-name
For example,
Altai-AC(filter-policy)# no filter-rule wan
5.11.3.6 Show Filtering Strategy
Altai-AC# show filter-policy filter-name
For example,
Altai-AC# show filter-policy wan
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 49/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.11.4 Service Strategy Configurations
Service strategy is the conllection of broadband strategy, route strategy and
filtering strategy. One service stragtegy could not only consisit of broadband
and filtering strategy, but also of certain combination of the two strategies.
For a notice, if there is a filtering strategy configured in service strategy and
another independent filtering strategy configured, the independent filtering
strategy will take effect.
5.11.4.1 Configure a Name for Service Strategy
Altai-AC(config)# service-policy servicename
5.11.4.2 Configure Service Strategy
For one service strategy, there should be one broadband and filtering
strategy at most.
Altai-AC(service-policy)# rate-policy bandname
Altai-AC(service-policy)# filter -policy filterpolicyname
Altai-AC(service-policy)#exit
5.11.4.3 Delete Service Strategy
Use no command to delete seveice strategy defined. The command will not
delete the broadband, filtering or route strategy quoted.
Altai-AC(config)# no service-policy servicename
5.11.4.4 Show Service Strategy
show service-policy servicename
show all service-policy
5.12 Internal Portal Configurations
5.12.1 Configure Portal Server
Altai-AC(config)# portalserver x.x.x.x internal
The command here will configure IP address for portal server.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 50/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.12.2 Configure AC-name
Altai-AC(config)# ex-portal ac-name ACN.CTY.PRO.OPE
AC-Name’s format is wlanacname=ACN.CTY.PRO.OP. The attribute namemust be lowercase letter and the value number should follow the rules as
regulated.
Altai-AC(config)# ex-portal ac-name 0004.0543.531.00
5.12.3 Configure NAS-id Hot-code
Altai-AC(config)# vlan-nas-identifier vlan-id nas-id
NAS-ID is used to charge the data service of roaming, whose format is
HST.CTY.PRO.OPE.NAT( The ―.‖ here is just a mark to identify. For real
configuration, only 16 numbers are enough.). For example,
Altai-AC(config)# vlan-nas-identifier 101 0101053553100460
5.13 IP POOL Configurations
There are two types of ip-pool, layer2 ip-pool and layer3 ip-pool. Layer2
ip-pool is used for users who access by layer2 device and layer3 ip-pool for
users who access by layer3 device.
5.13.1 Configure Layer2 IP POOL
In network if the device connected to AC is layer2 access device, the
device should be configured a layer2 ip-pool. For AC as the gateway, it
should also be configured an IP in this ip-pool.
5.13.1.1 Configure a Name for IP Pool
Altai-AC(config)# ip-pool pool-name
Altai-AC(ip-pool)#
5.13.1.2 Configure a Range for IP Pool
Configure a range for ip pool and assign an IP for AC.
Altai-AC(ip-pool)#ipaddress DevBnasIp networkMask
Altai-AC(ip-pool)#ipaddress 10.0.1.1 255.255.255.0
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 51/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
In the above esample, AC’s ip is 10.0.1.1 and the mask is 255.255.255.0.
Therefore,the range for this ip pool is 10.0.1.0~10.0.1.255. Except for the zero
address, the broadcast address and the address for AC, there are 253
addresses left.
5.13.1.3 Configure Allocation Mode for IP Pool
Thre are several allocation mode for IP pool like PPPOE, DHCP, RADIUS, FIXIP,
and LOCALDHCP.
Altai-AC(ip-pool)# alloc-mode mode [pppoe|dhcp|radius|fixip|localdhcp]
5.13.1.4 Assign Service Stratefy
Assign service strategy for ip pool.
Altai-AC(ip-pool)# service-policy service-name
Use no command to delete the service strategy for IP pool.
Altai-AC(ip-pool)# no service-policy [service-name]
For example, configure a service strategy named service-wan for ip pool.
Altai-AC(ip-pool)# service-policy service-wan
Notice:
For DHCP and FIXIP users, the service strategy used before autenticaion is
defined in ip pool and after authentication the service strategy will transfer to
that of radius server. For the prevelige of radius server is higher than that of
domain. If there is no service strategy defined neither in radius server nor
domain, then users will have no service limitation.
For PPPOE users, the service strategy defined in ip pool is useless before
authentication. Therefore if the allocation mode is PPPOE, threre is no need to
configure service strategy in ip pool. After authentication the service strategy
will be that of radius server. For the prevelige of radius server is higher than
that of domain. If there is no service strategy defined neither in radius server
nor domain, then users will have no service limitation.
For a suggestion, it is better not to quote filtering service in ip pool but to
quote service strategy which includes filtering strategy.
5.13.1.5 Configure proxyarp
Altai-AC(ip-pool)#proxyarp [enable|disable ]
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 52/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.13.2 Configure Layer3 IP POOL
5.13.2.1
Configure a Name for IP PoolAltai-AC(config)# ip-pool pool-name l3
Altai-AC(ip-pool)#
5.13.2.2 Configure a Range for IP Pool
For layer3 ip pool, there is no need to configure an IP for AC but an IP for
next-hop route address.
Altai-AC(ip-pool)# ipnetwork ipnet ipmask nexthop
Altai-AC(ip-pool)# ipnetwork 10.10.0.0 255.255.0.0 10.9.0.1
5.13.2.3 Configure Allocation Mode for IP Pool
There is only three allocation mode support layer3 ip-pool, which is dhcp,
localdhcp, fixip.
Altai-AC(ip-pool)# alloc-mode [ dhcp ipadress | fixip ]
5.13.2.4 Configure Reserved IP
The reserved IP will not be allocated to users, which is used to manage users.
Altai-AC(ip-pool)#reservedip A.B.C.D
5.13.2.5 Assign Service Strategy
Assign service strategy for ip pool.
Altai-AC(ip-pool)# service-policy service-name
Use no command to delete service strategy.Altai-AC(ip-pool)# no service-policy [service-name]
For example, configure a service strategy named wan for ip pool.
Altai-AC(ip-pool)# service-policy wan
For DHCP and FIXIP users, the service strategy used before autenticaion is
defined in ip pool and after authentication the service strategy will transfer to
that of radius server. For the prevelige of radius server is higher than that of
domain. If there is no service strategy defined neither in radius server nor
domain, then users will have no service limitation.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 53/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
For a suggestion, it is better not to quote filtering service in ip pool but to
quote service strategy which includes filtering strategy.
5.13.2.6 Configure proxyarp
Altai-AC(ip-pool)#proxyarp [enable|disable ]
5.14 Business Application Configurations
5.14.1 Address Management for Fit AP
Usually the Fit AP in the network will be assigned a management IP through
the ip-pool with a certain dhcp option. The IP in this ip-pool will not be
allocated to users.
5.14.1.1 Configure ip-pool for DHCP
Configure the range, default gateway and least time.
Altai-AC(ip-pool)#ipaddress DevBnasIp networkMask
Altai-AC(ip-pool)# alloc-mode localdhcp
Altai-AC(ip-pool)# default-router gw
Altai-AC(ip-pool)# max-lease time
For example,
ip-pool AP
ipaddress 10.172.220.1 255.255.254.0
alloc-mode localdhcp
default-router 10.172.220.1
max-lease 3600
5.14.1.2 Bind Port and VLAN for IP-Pool
available-interface { port | port-port} vlan { vlan | vlan-vlan}
·port – port number
·port-port – port number range
·vlan – the port number of vlan
·vlan-vlan – the port number range of vlan
For example,
Altai-AC(ip-pool)# available-interface port 2 vlan 3333
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 54/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
5.14.1.3 Configure option
Altai-AC(ip-pool)# option-60 enterprise-code 3902
5.14.1.4 Configure AC’s Address
Altai-AC(ip-pool)# option-60 ac-manage-ip A.B.C.D
5.14.2 Business Configuration for DHCP+WEB Access
5.14.2.1 Overview
There is no need to install client software for DHCP+WEB access. Users can be
authenticated through brower.
The following point should be aware.
Basic Authority is for DHCP and FIXIP users, which is authenticated from IP-pool.
Right now, the authority can be configured in ip-pool is service strategy and
authentication and accounting strategy.
Authority after authentication is also for DHCP and FIXIP users, but it is
authenticated by radius server.
The service strategy in ip-pool do not include filtering strategy, that is to say,
users can visit any website without limitation. Therefore for web authentication
business, the service strategy should include filtering syrategy which defines
the following filtering rules like only to visit portal server, only to visit dns port
(unp 53), and only to visit certain IP.
5.14.2.2 Configuration Steps
1. Configure Subinterface(required);
There are to purpose to configure a subinterface.
First, by subinterface, radius client can communicate with radius server.
Second, the subinterface could be AC’s uplink port.
2. Configure RADIUS client(required);
3. Configure Radius Server (required);
4. Configure domain for users (required);
5. Configure Portal Server related(required);
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 55/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6. Configure broadband strategy, filtering strategy, and service strategy
(required);
7. Configure service strategy in domain(optional);
8. Assign IP for DHCP Server (required);
9. Configure ip-pool for users(required);
10. Configure service strategy in ip-pool(required);
11. Configure gateway, DNS, lease time for DHCP Server ’s ip-pool
(required);
12. bind port and vlan for ip-pool(required);
5.14.2.3 Configure IP for DHCP Server
If the allocation mode for ip-pool is localdhcp, you should enable AC’s
dhcp server, which can be configured in global mode. The IP for dhcp server
can be any interface’s IP.
Altai-AC(config)#ip dhcp server A.B.C.D
5.14.2.4 Configure Filtering Strategy for Authentication
The fitering strategy for authentication should include the following
filtering rules like only to visit portal server, only to visit dns port (unp 53), and
only to visit certain IP.
1)define filtering rules
rule portal permit ip 0.0.0.0 0.0.0.0 portal_ip 255.255.255.255
rule dns permit udp 0.0.0.0 0.0.0.0 0 0.0.0.0 0.0.0.0 53
2)encapsulate filtering strategy
filter-policy unauth
filter-rule portal
filter-rule dns
5.14.2.5 Configure ip-pool for DHCP
To configure ip-pool for DHCP Server, you have to configure default router,
max-lease time and DNS.
Altai-AC(config)# ip-pool dhcpsvrpool
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 56/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Altai-AC(ip-pool)# ipaddress 192.168.26.1 255.255.255.0
Altai-AC(ip-pool)# alloc-mode localdhcp
Altai-AC(ip-pool)# default-router 192.168.26.1
Altai-AC(ip-pool)# dns-server 220.120.64.194
Altai-AC(ip-pool)# max-lease 7200
Altai-AC(ip-pool)# filter-policy unauth
5.14.2.6 Bind Port and VLAN for ip-pool
The operation of binding port and VLAN for ip-pool is to make sure users
accessed by DHCP can get ip and basic authority from ip-pool.
available-interface { port | port-port} vlan { vlan | vlan-vlan}
For example, suppose the DHCP users accessed by port0 and VLAN10 will get
IP from ip-pool1.
Altai-AC(config)# ip pool ippool1 available-interface 0 vlan 10
For example, suppose the DHCP users accessed by port1-4 and any VALN will
get IP from ip-pool2.
Altai-AC(config)# ip pool ippool2 available-interface 1-4
5.14.2.7 Configure Detection Time for Idle Users
Users accessed by DHCP+WEB will be charged once they pass the
authentication. To save spending, AC supports the function of idle-detection.
If user data flow is lower than flow threshold in detection time, then the users
will be regarded as an idle user and the accounting will stop. The detection
time is 900s, which could be changed by the following command.
Altai-AC(config)# ip dhcp idle-interval interval threshold threshold
Altai-AC(config)# ip dhcp idle-interval 600 threshold 30000
In the above example, the detection time is adjusted to 600s and the flowthreshold is 30000 bytes.
Notice:
If the detection time is 0, then AC will not detect users.
Altai-AC(config)# ip dhcp idle-interval 0
5.14.2.8 Check and Debug
1. Show on-line users
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 57/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Altai-AC# show auth-user
String - NULL, or pool name, or domain name following with '@'
port - port-id
vlan - vlan-id
2. Show IP address assigned
Altai-AC# show dhcpuser
3. Show users’ information
Altai-AC# show user
String - user name, ip or mac
4. Force users off-line manually
Altai-AC# kick
List Elements - kick mode(ip,user-name,mac,index)String - ip user-name mac index
5. show dhcp ip assigned by manual release
Altai-AC# release
A.B.C.D - user's ip address
6. debug radius
5.15 NAT Configurations
NAT includes three types of static NAT, dynamic NAT, and PAT (Port
Address Translation). Static NAT is to map an internal private IP to external
legal IP permanently. Dynamic NAT is to map legal external IP to internal
network. PAT is to map internal IP to external IP’s different port. Usually we use
PAT.
5.15.1 Static NAT
1. Enable NAT function
Altai-AC(config)# ip nat router
2. Define subinterface
Altai-AC(config-interface)#ip nat outside
For a notice, to configure a subinterface, you have to configure an IP for
the interface and then configure ―ip nat outside‖. If you want to delete
and modify the subinterface’s IP, you have to delete ―ip nat outside‖ first,
delete the IP of interface, and then configure interface’s IP and ―ip nat
outside‖.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 58/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
3. Configure static NAT
Altai-AC(config)# ip nat static inside in_ipaddr out_ipaddr
255.255.255.255
For example, map internal IP 172.16.1.100 to external IP 221.8.9.10.
Altai-AC(config)# ip nat static inside 172.16.1.100 221.8.9.10 255.255.255.255
5.15.2 Dynamic NAT
1. Enbale NAT function
Altai-AC(config)# ip nat router
2. Define subinterface
Altai-AC(config-interface)#ip nat outside
For a notice, to configure a subinterface, you have to configure an IP for
the interface and then configure ―ip nat outside‖. If you want to delete
and modify the subinterface’s IP, you have to delete ―ip nat outside‖ first,
delete the IP of interface, and then configure interface’s IP and ―ip nat
outside‖.
3. Define NATinternal ip-pool
Altai-AC(config)# ip nat pool pool_name ip_address ipMask
Altai-AC(config)# ip nat pool In-pool 10.223.160.1 255.255.254.0
4. Define NAT external ip-pool
Altai-AC(config)# ip nat pool pool_name ip_address ipMask
Altai-AC(config)# ip nat pool Out-pool 221.1.2.3 255.255.255.128
5. Bind internal ip-pool and external ip-pool
Altai-AC(config)# ip nat inside In_pool Out_pool overload
For a notice, to delete a nat pool, you have to depart internal ip-pool
and external ip-pool with ―no‖ command and then delete ip-pool.
5.15.3 PAT
1. Enable NAT function
Altai-AC(config)# ip nat router
2. Define subinterface
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 59/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Altai-AC(config-interface)#ip nat outside
For a notice, to configure a subinterface, you have to configure an IP for
the interface and then configure ―ip nat outside‖. If you want to delete
and modify the subinterface’s IP, you have to delete ―ip nat outside‖ first,
delete the IP of interface, and then configure interface’s IP and ―ip nat
outside‖.
3. Configure internal ip-pool
Altai-AC(config)# ip nat pool pool_name ip_address ipMask
Altai-AC(config)# ip nat pool In-pool 10.223.160.1 255.255.254.0
4. Configure external ip-pool
Altai-AC(config)# ip nat pool pool_name ip_address ipMask Altai-AC(config)# ip nat pool Out-pool 221.1.2.3 255.255.255.128
5. Bind internal ip-pool and external ip-pool
Altai-AC(config)# ip nat inside In_pool Out_pool overload
5.16 Hot Standby Configurations
5.16.1 Overview
In upstream, the master AC and backup AC will occupy three IP in the
same network segment and two MAC address with VRRP protocol.
In operation and maintainence, the master AC and backup AC will use
different IP address and MAC address.
In business, the master AC and backup AC will use the other IP and the
same MAC.
The uplink port is open and the three IP address could be telnet.
In access side, the same port of master AC and backup AC share the same
MAC, but only the port on master AC will be open.
5.16.2 Command
1. [no] vrgroup groupid
Mode:config
Parameters:groupid – virtual group ID, range from 1 to 16;
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 60/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Description:configure virtual group;
2. [no] prioroty num
Mode:vrgroup
Parameters:num – the priority of virtual group, range from 1 to 255;
Description:configure the priority of virtual group;
3. [no] adver-interval interval
Mode:vrgroup
Parameters:interval – the heartbeat interval;
Description:configure the heartbeat interval;
4. [no] track-port GigabitEthernet String priority num
Mode:vrgroup
Parameters:String — listener port;
num – the priority of binding port, while the port is down ,the prioriry will
get low;
5. [no]preempt
Mode:vrgroup
Parameters:enable preempt mode;
6. [no]threshold-priority num
Mode:vrgroup
Parameters: num – the priority of virtual group, range from 1 to 255;
Description:configure the threshold for hot back group;
7. [no]attend A.B.C.D group groupid [vrip]
Mode:configure subinterface
Parameters:A.B.C.D – subinterface’s IP
Groupid – virtual group ID
Vrip – optional parameter, with it, the IP will attend the group as a
virtual IP, otherwise the IP will be regarded as a real IP.
Description:Configure IP for hot backup group, including virtual IP and
real IP. Add some IP to the group.
8. [no] vrip A.B.C.D group groupid
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 61/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Mode:configure subinterface
Parameters:A.B.C.D-must be the same port in the same network
segment
Groupid — must be the group existed
Description:configure IP for hot backup group and add some IP to a
group
9. Show hotstandby group-info Al l |current | groupid
Mode:Privileged Mode
Parameters:Al l —show all group’s important information
Current – show details of the running hot backup group
Groupid — show details of specified group
Description:show group’s information
6 WEB Configurations
6.1 Login by WEB
The URL is:https://10.1.1.3(10.1.1.3 is the IP of management platform
configured on Eth7).
The default user name is icac, and the password is icaclogin.
The login screen is displayed as follows.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 62/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-1 Access Controller Login Screen
The device supports three languages mode,【Simplified Chinese】,【Traditional
Chinese】 ,and【 English】 .You can select the language environment
needed.Please input the user name and password,and click 【Login】.
The following screen will prompt.
The main menu includes:【Basic Settings】,【Wireless Settings】,【Wireless Security】,
【WLAN】,【Online AP】,【Statistics】,【Rogue AP】,【LOG】.【icac Logged】,
【Change Password】,and【Exit】are in the right above.
Figure 6-2 Access Controller Main Menu
The following table will introduce the main menu.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 63/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Table 6-1 Description of Access Controller Main Menu
Menu Description
Basic Settings
The configuration of system essential information,
providing basic configuration of Altai AC like AP’s versioninformation management, loading version service
management and so on.
Wireless Settings The configuration of wireless setting and capwap timer.
Wireless Security The configuration of wireless security.
WLAN The configuration of WLAN management.
Online APThe configuration of online AP,including AP information’s
view,and the configuration of AP issued.
Statistics It provides statistics information of AP and user.
Rogue APIt provides rogue AP scan switch,and displays rogue AP
list.
LOG It provides operation log and security log.
Change Password Change the password.
SaveConfiguration
Click save button to save configurations.
ExitLog out management platform, and return to loginscreen.
The following chapters will introduce various function of WEB.
6.2 Basic Settings
Click 【Basic Settings】,and the following screen will prompt.
On this screen the following functions will be configured,including【AC
Configuration】,【AC Hotstandby】,【Radius Server 】,【AS Server 】,【NTP Server 】,
【SYSLOG Server 】,【AP Version】,【Version Server 】,【Routing】,【Ethernet Interface
Information】,【WAPI Certificate】,【AC Advanced】,【Tunnel Configuration】,
【Multiple Access Boards Configuration】 ,【 AC Upgrade】 ,【 System
Information】,and【AC License】.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 64/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-3 Basic Settings
6.2.1 AC Configuration
Click 【Basic Settings】/【AC Configuration】,and AC configuration screen will
prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 65/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-4 AC Configuration
The configuration of AC in detail is displayed as follows.
Table 6-2 AC Configuration
Items Description
AC Name The name of AC.
AC IP Address The IP address of AC.
Number of
Connected APsThe number of AP connected.
Number of
Connected STAsThe number of wireless user connected.
SNMP Community RSNMP read-only command, and the default value ispublic.
SNMP Community
R&WSNMP read-write command, and the default is private.
AC Trap IP The IP address where the alarm message is sent.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 66/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
AC Trap IP2The IP address where the alarm message is sent.You canset two tra IP at the same time.
Trap Community Trap command, and the default value is private.SNMP Port R&W SNMP read-write port,and the default value is 161.
Trap port Trap port,and the default value is 162.
LoadbalanceOn: Enable load balance function.Off: disable the function, and it is the default option
User IsolationOn: Enable user isolation function.
Off: Disable the function, and it is the default option.
Last polling time The last polling time.
Domain The nation domain where the device located.
AC Authentication
AC supports eight authentications.
no-auth: No authentication.
eap-sim: Eap-sim authentication.web: Web authentication.
eap-md5: Eap-md5 authentication.simAndweb: SimAndweb authentication.
simAndmd5: SimAndmd5 authentication.webAndmd5: WebAndmd5 authentication.
simAndwebAndmd5: SimAndwebAndmd5
authentication.
Use MAC as Index
On: While network administrator collecting information,
use MAC as index.Off: While network administrator collecting
information,use AP ID as index. This function is disabled by
default.
SNMP instantly collectOn: Enable SNMP instantly collecting switch.Off: Disable the function and it is the default option.
LongitudePlease fill in the longitude as the sample formatdisplayed.
Latitude Please fill in the latitude as the sample format displayed.
MoreClick More, and the advanced setting screen willprompt.
6.2.2 AC Hotstandby
Click 【 Basic Configuration】 /【AC Hotstandby】 , and AC hotstandbyconfiguration screen will prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 67/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-5 AC Hotstandby
The following table will introduce the configuration parameters of AC
Hotstandby.
Table 6-3 Configuration Parameters of AC Hotstandby
Items Description
AC HotstandbyEnabled:Enable hotstandby function
Disabled:Disable hotstandby function
AP Cold StandbyEnabled:Enable cold standby function
Disabled:Disable cold standby function
Data
Synchronization
Enabled:Enable cold standby function
Disabled:Disable cold standby function
Preempt Mode
Enabled:Enable preempt mode. Under
this mode, AC with high priority will
become master AC. If the priority is thesame, then the AC with bigger IP will
become master AC.
Disabled:Disable preempt mode.
Local IPThe heartbeats address which iscommunicated with the client.
Peer IPThe heartbeats address which thismachine is linked to the client.
6.2.3 Radius Server
Click 【Basic Settings】/【Radius Server 】,and radius servers configuration screen
will prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 68/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-6 Radius List
Select one radius server configuration,click 【Modify】,and the radius servers
edit screen will prompt.
Figure 6-7 Radius Servers Edit
The following table will introduce the configuration items.
Table 6-4 Radius Server Configuration
Items Description
Type
Authentication: the radius server to realize
authentication function.Account: the radius server to realize account
function.Checking: the radius server to realize checking
function.
PriorityPriority choice: the primary radius server.Reserve: the radius server reserved will be used
if priority server can’t work.
IP Address The IP address of radius server.
Port The port of radius server.
Password The password of account or checking
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 69/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Re-enterpassword
Re-enter the password of radius server.
6.2.4 AS Server
Click 【Basic Configuration】/【AS Server 】,and AC server configuration screen
will prompt.
Figure 6-8 AS Server Configuration
Table 6-5 AS Server Configuration
Items Description
AS server IP The IP address of AS server.
AS server port The port of AS server.
6.2.5 NTP Server
Click 【Basic Settings】/【NTP Server 】,and NTP configuration screen will
prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 70/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-9 AC NTP Configuration
Table 6-6 AC NTP Configuration
Items Description
NTP ServerOn: Set AC as NTP server, and AP or other clientwill e synchronize with AC.
Off: AC is not set as NTP server.
NTP Client
On: Set AC as NTP client, and it will synchronizewith NTP server automatically.
Off: AC is not set as NTP client.
Server 1 The IP address of NTP server.
Server 2 The IP address of NTP server.
Server 3 The IP address of NTP server.
Sync IntervalAC will synchronize with NTP server as the timesetting passed.
6.2.6 SYSLOG Configuration
Click 【Basic Settings】/【SYSLOG Configuration】,and SYSLOG configuration
screen will prompt.
Figure 6-10 SYSLOG Configuration
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 71/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Table 6-7 SYSLOG Configuration
Items Description
Syslog Level
Emergency: System logs like the system can’t
work.alert: Alarm logs like the system will shut down.
critical: important logs like users login and log out.
error: The error logs like some process goes wrong.warning: Warning logs like user’s authentication is
failed.
notice: Notice logs like system needs to beupdated.
informational: informational logs like the recordsof IP visited.
debug: Debug logs.
IP Address The IP address of syslog server.
Port The port of syslog,and the default port is 514.
OperationClick 【Apply】,and the SYSLOG configuration will
be used.
6.2.7 AP Version
Click 【Basic Settings】/【AP Version】, and AP version configuration screen will
prompt.
Figure 6-11 AP Version Information Edit
Table 6-8 AP Version Information Edit
Items Description
Manufacturer Manufacturer information.
Device Type Device type information.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 72/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
HardwareVersion
Hardware version information.
Update Type
1: Firmware. If there is no need to update,please choose this option.
2: Software. Update through software.
3: Configuration file. Update throughconfiguration file.
UpdateFeature
The description of update feature.
Target
Update
Feature
The description of target update feature.
Upload Ways It includes WEB upload and manual upload.
Path TypeFull path
Relative pathTarget
Updated FileClick 【Browse】,and select target update file.
6.2.8 Version Server
Click 【Basic Settings】/【Version Server 】,and version server configuration screen
will prompt.
Figure 6-12 Version Server List
Select a list,click 【Modify】,and version server edit screen will prompt.
Figure 6-13 Version Server Edit
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 73/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce the version server edit.
Table 6-9 Version Server Edit
Items Description
Server IP The IP address of version server.
Port The port of verion server.
UserName Please input the user name.
Password Please input the password.
Confirm
PasswordPlease input the password again.
Transfer
Protocol
AC supports four transfer protocols.
ftp
tftp
httphttps
6.2.9 Routing
Click 【Basic Settings】/【Routing】,and route information of management
platform screen will prompt.
Figure 6-14 Route Information of Management Platform
Click 【Add】,and the management platform route edit screen will prompt.
Figure 6-15 Management Platform Route Edit
The following table will introduce the management platform route edit.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 74/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Table 6-10 Management Platform Route Edit
Items Description
Destination IP The destination IP
Netmask The subnet network netmask
Next hop The next hop network address
6.2.10 Ethernet Interface Information
Click 【Basic Settings】/【Ethernet Interface Information】,and ethernet interface
information screen will prompt.
Figure 6-16 Ethernet Interface Information
Notice: The information on screen of read-only can’t be added, modified
and deleted.
6.2.11 WAPI Certificate
Click 【Basic Settings】/【WAPI Certificate】,and WAPI certificate screen will
prompt.
Figure 6-17 WAPI Certificate
Click 【Add】to prompt the following screen.
Figure 6-18 WAPI Certificate Edit
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 75/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce WAPI certificate edit.
Table 6-11 WAPI Certificate Edit
Items Description
Certificate Type
There are three certificate types:
Server
APCA
Path TypeRelative pathFull path
Certificate
Uploading
Click 【Browse】,and select the certificate
need to be uploaded.
6.2.12 AC Advanced
Click 【Basic Settings】/【AC Advanced】,and AC advanced screen will prompt.
Figure 6-19 AC Advanced
The following table will introduce AC advanced.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 76/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Table 6-12 AC Advanced
Items Description
AC
ConfigurationExport
Click 【Download】,and the AC configuration
will be exported.
ACConfiguration
Import
Click 【Browse】to select the configuration file
to be imported,and click 【Import】.
Select
Configuration
to Reset
You can select the following configuration.Business configuration: The configuration onthe screen(except for AC name).
System configuration: The configuration ofmanagement platform.
Factory Reset Click 【Reset】to reset default configurations.,
Reboot AC Click 【Reboot】,and it will reboot AC.
Warning:
To restore the factory default, and restart AC will affect the running business.
Please do not do such operation at will.
6.2.13 Tunnel Configuration
Click 【Basic Settings】/【Tunnel Configuration】,and tunnel configuration screenwill prompt.
Figure 6-20 Tunnel Configuration
The following table will introduce the tunnel configuration items.
Table 6-13 Tunnel Configuration
Items Description
Mode Switch On: Enable tunnel mode.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 77/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Off: Disable tunnel mode.
AccessPlatform IP
IP address of access platform which enablestunnel mode
Port The default port is 5248.
Forwarding
Type
It supports three tunnel modes.1-MACBridge
2-Reserve
3-802.11 frame tunnel mode
Switch of DataSynchronization
On: Enable data synchronization function.Off: Disable data synchronization function.
6.2.14 Multiple Access Boards Configuration
Click 【Basic Settings】/【Multiple Access Boards Configuration】,and thefollowing screen will prompt.
Figure 6-21 Multiple Access Boards Configuration
Click 【New Access Board】to prompt the following screen.
Figure 6-22 Multiple Access Boards Configuration
The following table will introduce multiple access boards’ configuration.
Table 6-14 Multiple Access Boards Configuration
Items Description
Slot No. The slot number of access board.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 78/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Access BoardIP
The IP address of access board.
Port The port that access platform andmanagement platform to communicate.
Tunneladdress(IPv4)
The Tunnel IP address in the form of IPv4
Tunneladdress(IPv6)
Tunnel IP address in the form of IPv6.
Tunnel port The tunnel port number.
Tunnel SwitchOn: Enable tunnel.Off:Disable tunnel.
Password(R)Read-only command,and the default valueis public.
Password(R&W) Read-write command,and the default valueis private.
6.2.15 AC Upgrade
Click 【Basic Settings】/【AC Upgrade】,and AC Upgrade screen will prompt.
Figure 6-23 AC Upgrade
The following table will introduce AC upgrade items.
Table 6-15 AC Upgrade
Items Description
AC Version
AC supports version 0 and version 1.
Click 【Set as Current Version】,and the version
selected will be set as current version.
AC VersionUpload
Click 【 Browse】 to select files need to be
updated,and click 【Upload】.
Upgrade successfully screen will prompt.
Figure 6-24 AC Upgrade Success
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 79/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.2.16 System Information
Click 【Basic Settings】/【System Information】,and system information screen
will prompt.It is the read-only screen.
Figure 6-25 System Information
Click 【Refresh】,and you can acquire the newest system information.
6.2.17 AC License
Click 【Basic Settings】/【AC License】,and AC license screen will prompt.
Figure 6-26 AC License
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 80/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce AC license parameter settings.
Table 6-16 AC License Parameter Settings
Items Description
Device serialNumber
The serial number of device.Click 【Download
Device File】to export device file.
StatusThe status of License.Please click 【 Refresh
Information】to update license information.
Max APNumber
The max number of AP supported.
AC DeviceModel
The model of AC device.
Hotstandby
Support(y/n)Whether to support hotstanfby function or not.
Device ID Number of the device.
Upload
License File
Click 【Browse】to select the file needed,and
click 【Upload】to upload the files.
6.3 Wireless Settings
Wireless settings includes【Wireless Basic】,【Wireless Advanced】,【Wireless
Channel】,【Payloadbalance】,【AP Background Scan】,【CAPWAP Timer 】.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 81/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
They are global configurations to AP. The following part will introduce them
independently.
6.3.1 Wireless Basic
Click 【Wireless Settings】/【Wireless Basic】,and Wireless basic settings screen
will prompt.
Figure 6-27 Wireless Basic Settings
The following table will introduce wireless basic settings.
Table 6-17 Wireless Basic Settings
Items Description
Radio ID Select the radio id of AP.
RF Switch
On: Enable RF, and wireless user can search to
the SSID issued.Off: Disable RF, and wireless user can not
search to the SSID issued.
Power
Configuration
There are three ways.
Adjust Power Automat: When nearby AP power
increases, the device power willdecrease.When nearby AP power weaken, the
device will increase, which is up to the change
of environment.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 82/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Percentage: Work in the designated power.
Actual Power: Work in the actual power.
Auto PowerAdjustment
Interval
AP power will be adjusted as the time intervalpassed, and the default unit is minute.
WirelessMode
There are eight wireless rate modes to beselected.
802.11b Only(2.4G)
802.11g Only(2.4G)802.11n Only(2.4G)
802.11b and 802.11g (2.4G)
802.11n802.11b and 802.11g (2.4G)
802.11a Only(5G)
802.11n and 802.11a (5G)
Work Rate
There are thirteen work rate to be selected.Select Automatically: AP work rate is relatedwith the environment like the direction and
distance of antenna.
1Mbps2Mbps
5.5Mbps
6Mbps9Mbps
11Mbps
12Mbps18Mbps
24Mbps36Mbps
48Mbps
54Mbps
11N Work
Rate
802.11n RF rate configures by MCS (Modulationand Coding Scheme) index value torealize.There are seventeen 11N work rate to
be selected.
Auto:AP selects work rate independently.
MCS Index0MCS Index1MCS Index2
MCS Index3MCS Index4
MCS Index5
MCS Index6MCS Index7
MCS Index8
MCS Index9MCS Index10
MCS Index11
MCS Index12MCS Index13
MCS Index14
MCS Index15
Space FlowThere are four space flows to be selected.1*12*2
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 83/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
3*3
4*4
Channel
Bandwidth
There are four channel bandwidths to beselected.
20MHzAuto 20/40 MHz:20MHz、40MHz self-adaption
40-MHz
40+MHz
GuardInterval
There two settings to be selected.
Long(800us)
Short(400us)
A-MPDUOn: Enable A-MPDU function to increase thewireless network throughput.
Off: Disable A-MPDU function.
A-MSDUOn: Enable A-MSDU function to increase MACtransmission efficiency.
Off: Disable A-MSDU function.
11N WorkMode
There are two 11N work modes to be selected.
HT-MixedHT-Greenfield
6.3.2 Wireless Advanced
Click 【Wireless Settings】/【Wireless Advanced】,and wireless advanced settings
screen will prompt.
Figure 6-28 Wireless Advanced Settings
The following table will introduce wireless advanced settings items.
Table 6-18 Wireless Advanced Settings
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 84/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Layer2
port-isolate
Select layer 2 port-isolate mode.
Layer 2 Isolation Disabled
Isolate UnicastIsolate Multicast
Isolate Broadcast
Isolate All
IGMPSNOOPING
Enabled: Enable IGMP SNOOPINGfunction.Disabled: Disable IGMP SNOOPING
function.
Pre-certificationEnabled: Enable pre-certification function.
Disabled: Disable pre-certification function.
RoamingEnabled: Enable roaming function.Disabled: Disable roaming function.
Detection Timefor Roaming Input the detection time for roaming,andthe default unit is seconds.
Uplink Integrity
Disabled
Disconnect of AP UplinkDisconnect of AP/AC CAPWA
Disconnect of link to a Certain
ActionClose AP RFReboot AP
NTP Server
AddressNTP server IP address.
NTP SynchronousInterval
NTP synchronous interval.The default unit isminutes, and the default range value is
1-1092.
6.3.3 Wireless Channel
Click 【Wireless Settings】 /【Wireless Channel】 ,and wireless channel
configuration screen will prompt.
Figure 6-29 Wireless Channel Configuration
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 85/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce wireless channel configuration items.
Table 6-19 Wireless Channel Configuration
Items Description
Radio ID12
Autochannel
adjustment
Enabled: Enable auto channel adjustment
function,and AP will select channelautomatically.
Disabled: Disable auto channel adjustmentfunction.
Adjustment
Mode
Adjust when starts.
Periodic adjustment.
Adjustment
Interval
Input adjustive interval, and the default unit is
minutes.
Minimumsigna
standards
Input minimum signa standards.The default unitis dbm,and the range is from -90 to 10.
6.3.4 Payloadbalance
Click 【 Wireless Settings 】 / 【 Payloadbalance】 ,and payloadbalance
configuration screen will prompt.
Figure 6-30 Payloadbalance Configuration
The following table will introduce payloadbalance configuration items.
Table 6-20 Payloadbalance Configuration
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 86/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Payloadbalance
Switch
Enabled: Enable payloadbalancefunction.When the number of user reachesto a certain amount, payloadbalance
among APswill be adjusted automatically.Disabled: Disable payloadbalancefunction.
Payloadbalance
Type
User: Payloadbalance among APs is
decided by the number of user.
Flow: Payloadbalance among APs isdecided by flow.
StartedThreshold of
Access Users
Enable payloadbalance function when
the threshold set is exceeded.
User ControlDeviation of
Load Balance
When user control deviation of loadbalance is exceeded, new access user will
be related to the AP with lower load.
User ThresholdWhen user threshold is exceeded,payloadbalance function will take no
effect
For example, suppose theconfiguration is set as follows, it stands for tthat the
payloadbalance function will be enabled when the flow value is 0kbps
between the two users(at least 2).If the flow d-value is 500kbps among users,
and the newcomer will be connected to the lower flow AP. When the flow is
more than 1000000000 KBPS, payloadbalance will take no effect.
Figure 6-31 Payloadbalance Configuration by Flow Control
6.3.5 AP Background Scan
Click 【Wireless Settings】/【AP Background Scan】 ,and AP background
scanning screen will prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 87/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-32 AP Background Scanning
The following table will introduce payloadbalance configuration parameters.
Table 6-21 AP Background Scanning
Items Description
Radio ID Input radio ID,and the range is 1~31.
ScanningChannel
All-Channel
1(11b/g)
2(11b/g)
3(11b/g)
4(11b/g)
5(11b/g)
6(11b/g)
7(11b/g)8(11b/g)
9(11b/g)
10(11b/g)
11(11b/g)
12(11b/g)
13(11b/g)
149(11a)
153(11a)
157(11a)
161(11a)
165(11a)
Scanning
Enable
On: Enable backgrounf scanning function.
Off: Disable backgrounf scanning function.
ScanningCycle
Input scanning cycle.The default unit issecond,and the range is 0~65535.
6.3.6 CAPWAP Timer
Click 【Wireless Settings】/【CAPWAP Timer 】,and CAPWAP timer configuration
screen will prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 88/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Figure 6-33 CAPWAPTimer Configuration
The following table will introduce CAPWAP timer configuration items.
Table 6-22 CAPWAP timer configuration
Items Description
Echo TimerThe interval time for AP to send keep alivemessage.
Discovery
TimerNo definition.
Keep-alivetime for AC
The time for AC to detect AP.
6.4 Wireless Security
Wireless security mainly includes【MAC Filter 】,【WLAN Security】,【Intrusion
Detection Settings】 ,【Dynamic Blacklist】 .The function in detail will be
introduced as follows.
6.4.1 MAC Filter
Click 【Wireless Security】/【MAC Filter 】,and MAC filter screen will prompt.
Figure 6-34 MAC Filter
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 89/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce MAC filter configuration items.
Table 6-23 MAC Filter
Items DescriptionMACAddress 1
Input MAC address like AA-BB-CC-DD-EE-FF.
MACAddress 2
Input MAC address like AA-BB-CC-DD-EE-FF.
MAC
Address 3Input MAC address like AA-BB-CC-DD-EE-FF.
MAC
Address 4Input MAC address like AA-BB-CC-DD-EE-FF.
6.4.2 WLAN Security
Click 【Wireless Security】/【WLAN Security】,and WLAN security policy list screen
will prompt.
Figure 6-35 WLAN Security Policy List
Click 【Add】to prompt WLAN security policy configuration screen.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 90/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce WLAN security policy configuration items.
Table 6-24 WLAN Security Policy
Items Description
Security PolicyID
The ID for security policy, which is generatedautomatically.
Security Policy
NameInput security policy name.
Security Mode
Please enter the security mode.
WEP
802.11iWAPI
Authentication
Mode
If 802.11i is selected as security mode, andtwo authentication modes will be displayed
as follows.
WPA/WPA2-PSKWPA/WPA2(EAP)
if WAPI is selected as security mode, and twoauthentication modes will be displayed as
follows.
WAPI-PSKWAPI Certificate(Primary install wap
certificate)
Key Length
64bit128bit
152bit
Key Type ASCII
Encryption
Method
SMS4
AES
TKIP
Key Input the key.
Index of
Default KeyKey 1: The default key is key 1.Key 2: The default key is key 2.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 91/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Key 3: The default key is key 3.
Key 4: The default key is key 4.
Key 1 Please input key 1.
Key 2 Please input key 2.
Key 3 Please input key 3.
Key 4 Please input key 4.
6.4.3 Intrusion Detection Settings
Click 【Wireless Security】/【Intrusion Detection Settings】,and intrusion detection
settings screen will prompt.
Figure 6-36 Intrusion Detection Settings
The following table will introduce intrusion detection settings.
Table 6-25 Intrusion Detection Settings
Items Description
Spoofing
Attack
DetectionSwitch
Enabled: Enable spoofing attack detection
function.
Disabled: Disable spoofing attack detectionfunction.
Flood AttackDetection
Switch
Enabled: Enable flood attack detectionfunction.
Disabled: Disable flood attack detection
function.
Flood AttackDetectionThreshold
Set flood attack detection threshold,and therange value is 1-6000.
Dynamic
Blacklist
Enabled: Enable dynamic blacklist
function.When the number of flood attack
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 92/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Switch detected is more than the threshold, the user will
be pulled into blacklist.
Disabled: Disable dynamic blacklist function.
DynamicBlacklist alivetime
Set dynamic blacklist alive time.The default unitis second, and the range is 60-3600.
6.4.4 Dynamic Blacklist
Click 【Wireless Security】/【Dynamic Blacklist】,and dynamic blacklist screen
will prompt.
Figure 6-37 Dynamic Blacklist
Select an invasion MAC,and click 【Add to static blacklist】.The MAC will besaved in the blacklist permanently.
Select【Attack Type】,and MAC address under the attack type will be
displayed.The attack type which the device supports includes flood
attack(Unknown Type),flood attack(Authentication),flood
attack(Deauthentication),flood attack(Assocation),flood
attack(Disassocation),flood attack(Reassocation),flood attack(Probe
Request),flood attack(null data),flood attack(action),spoof attack(Unknown
Type),spoof attack(Authentication),spoof attack(Deauthentication),spoof
attack(Assocation),spoof attack(Disassocation).
6.5 WLAN
WLAN mainly includes【AP Configuration】,【WLAN Groups】,【Time Policy
Groups】,【AP Policy Apply】,【WLAN-VLAN Association】.The function in detail
will be introduced as follows.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 93/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.5.1 AP Configuration
Click 【WLAN】/【AP Configuration】, and AP Configuration screen will prompt.
Figure 6-38 AP Configuration
The screen will display AP group information, supporting information displayedafter filtering and information’s export. For example:
Step one,Click 【Import CSV file】,and the following screen will prompt.
Step two,Click 【Browse】,and you can select CSV file needed.Please click
【Upload】,and the following screen will prompt.
Step three,Click 【
Add Import】
to add new AP group informton.Click 【
AllReplace】,and the old AP group information will be replaced. Click add
import button,and the following screen will prompt.
Click 【Confirm】,and the following screen will prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 94/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Step four,Click 【Return】,and upload the system file successfully.
Warning:
Click 【Download CSV Sample】to acquire instruction in detail of CSV file
layout.You’d better download this file in orde to avoid uploading abnormally.
Click 【Add AP+】,and the following screen will prompt.
The following table will introduce AP configuration items.
Table 6-26 AP Configuration
Items Description
AP MACAddress
The MAC address of AP. Please fill in theform of 00-18-7D-09-16-49.
AP GroupDefault Group: AP group is the defaultgroup.
Test Group: AP group is the test group.
AP Number AP number.
Location AP’s geographic location
AP Name AP’s name
Description AP’s description
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 95/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.5.2 WLAN Groups
Click 【WLAN】/【WLAN Groups】, and WLAN group configuration screen will
prompt.
Figure 6-39 WLAN Group Configuration
This screen displays the WLAN group.Click 【Edit Group】,and modify WLAN
group information.Input new WLAN group name ,and click 【Add】to add new
group.
Click the default group’s【Edit Group】,and the following screen will prompt.
Click 【Add】,and WLAN configuration screen will prompt.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 96/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
The following table will introduce WLAN configuration.
Table 6-27 WLAN Configuration
Items Description
WLAN IDWLAN’s ID number, which is generated
automatically.
WLAN GroupWLAN group which is generatedautomatically.
Security Mode
Open: Disable encryption mode.
WEP: Enable WEP encryption mode. To
enable WEP mode, you have to create a
WEP strategy in WLAN securityconfiguration.
802.11i: Enable 802.11i encryption mode.
To enable WEP mode, you have to create
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 97/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
a WEP strategy in WLAN security
configuration WAPI : Enable WAPI
encryption mode.
Security Policy
Select the SSID of security strategy
configured in WLAN securityconfiguration.
SSID WLAN’s SSID.
SSID Mode
Broadcast: Broadcast WLAN’s SSID, and
the user can search to the WLAN.
Hide: The user can’t search to the WLAN.
Vlan ID VLAN’s ID.
QoSEnabled: Enable QoS function to optimizequality of the network service.
Disabled: Disable QoS function.
Max number ofusers
The max number of users which is allowedto access.
MAC Filteringpolicy
OPEN:Set no filtering strategy.
Whitelist: The MAC address of whitelist canaccess WLAN.
Blacklist: he MAC address of whitelist can
not access WLAN.
Flow control
AC supports three flow control modes.
Fixed flow
Guaranteed minimum flowBased on the number of users
Downlink SSID
FlowLimit/Guarantee
Configure downlink flow control based onSSID.
Downlink User
FlowLimit/Guarantee
Configure downlink flow control based on
users connected to the SSID.
Uplink SSID FlowLimit/Guarantee
Configure uplink flow control based onSSID.
Uplink User FlowLimit/Guarantee
Configure uplink flow control based onusers connected to the SSID.
Tunnel Mode
Local Forwarding.
Concentrated Forwarding: To use
concentrated forwarding fucntion, you
have to enable the tunnel modefirst.And the VLAN ID should not be
configured as 0.
EAP Auth Type Select EAP authentication type.
Auth Service
MAC
The MAC address of authentication
server.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 98/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.5.3 Time Policy Groups
Click 【WLAN】/【Time Policy Groups】, and time policy group screen will
prompt.
Figure 6-40 Time Policy Group
Input the name of time policy group,and click 【Add】to add new entry.Select
a entry need to modify, click 【Edit group】,and the following screen will
prompt.
Figure 6-41 Time Policy Group
The following table will introduce time policy group items.
Table 6-28 Time Policy Group
Items Description
Policy ID Policy ID.
Policy Name Name of the policy.
Policy Type
Day
WeekMonth
Year
All day ornot
Yes: Policy applys to every day.No: Please set start time and end time.
Start Time The time when policy takes effect.
End Time The time when policy lose effectiveness.
Week Select the week when the plocy take effect.
Month Select the month when the policy take effect.
Day Select the day when the policy take effect.
Operation Save: Save the time policy.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 99/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.5.4 AP Policy Apply
Click 【WLAN】/【AP Policy Apply】, and AP policy apply screen will prompt.
Figure 6-42AP AP Policy Apply
On this screen WLAN group can be associated with different limit policies.
6.5.5 WLAN-VLAN Association
Click 【WLAN】/【WLAN-VLAN Association】, and WLAN-VLAN association
screen will prompt.
Figure 6-43 WLAN-VLAN Association
On this screen WLAN group can associate to relevant VLAN group.
6.6 Statistics
Statistics mainly includes【AP Information】,【AP Upgrate】,【Wireless
Interface Statistics】,【Wireless Users Statistics】,【Intrusion Detection Statistics】,
【Statistica Report Cycle】. The function in detail will be introduced as follows.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 100/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.6.1 AP Information
Click 【Statistics】/【AP Information】,and AP information screen will prompt.
Figure 6-44 AP List
The following table will introduce AP information configuration items.
Table 6-29 AP List
Items Description
AP ID AP’s ID
MACAddress
AP’s MAC address
IP Address AP’s IP address
AP Group AP group
AP Name AP’s name
FP NO. The RF number of AP
Online Time AP’s online time Start Time The time AP starts up
Last 3 Join
TimeThe last three timeof AP’s joining
Join Reason Reason of AP’s joining.
Status
ALL: Display AP’s status.
Configuration: Display APs in the configurationstatus.
Run: Display APs in the run status.
Idle: Display APs in the Idle status.
Details
Click 【Details】 to show detail information ,
including AP basic information , wireless
configuration, software and hardwareconfiguration, and user information list.
Select the AP need to be set,and click 【Load Balance】to configurate load
balance.
Select the AP need to be set,click 【Security Mode】,and the following screen
will prompt.
Figure 6-45 AP Security Mode
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 101/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
There are three security modes to select, including 802.11i, WAPI, API&802.11i.
Select AP need to be set, click 【Parameters of AP Online Scanning】,and the
following screen will prompt.
Figure 6-46 Parameters of AP Online Scanning
Table 6-30 Parameters of AP Online Scanning
Items Description
Radio ID Select the radio id need to be set.
ScanningChannel
11a: Select a channel like Full Channel,
149,153,157,161,165 to realize scanning.11b/g: Select a channel like Full Channel, 1-13
channels to realize scanning.
Scanning
Mode
Passive Scanning
Positive Scanning: The AP scans other APs
nearby positively.Stop Scanning: Stop scanning operation.
ScanningCycle
Cycle of scanning.The unit is second, and therange is from 0 to 65535.
Click 【Recovery Factory Set】to reset all the APs.
Click 【System Reboot】,and reboot the AP selected.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 102/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.6.2 AP Software Upgrade
Click 【Statistics】/【AP Software Upgrade】,and AP information screen will
prompt.
Figure 6-47 AP Software Upgrade
Click 【Software Upgrade Setting】,and the following screen will prompt.
Figure 6-48 Configuration of AP upgrading
The following table will introduce configuration of AP upgrading.
Table 6-31 Configuration of AP upgrading
Items Description
Retries whenit fails
The number of retry after upgrading fails
Numbers of
Simultaenous
AP
The number of AP’thatupgradsat the same
time.
Time ofupgrading
timeout
The time for AP to update. If AP does notsuccessfully upgrade during this time, then the
upgrade fails
Click the button on the left of screen, and the following functions can be
realized.
Click 【Upgrading】to upgrade AP by software.
Click 【Cancel upgrading software】,and cancel upgrading command like
AP’s status is waiting for upgrade or is upgrading and so on.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 103/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Click 【Upgrade configured file】to update AP by configured file.
Click 【Upgrade WAPI certificate】to update AP by WAPI certificate.
Click 【Reboot AP】to restart AP.
6.6.3 Wireless Radio Statistics
Click 【Statistics】/【Wireless Radio Statistics】,and wireless radio statistics
screen will prompt.
Figure 6-49 Wireless Radio Statistics
Click 【Wireless Mode Configuration】,【Wireless Channel Configuration】,
【Wireless Power Configuration】,and the AP selected can be configurated
for wireless mode,channel or power. Please refer to 5.3.1 wireless settings
basic configuration and 5.3.3 wireless channel configuration to get
parameters introduction in detail.
6.6.4 Wireless User List
Click 【Statistics】/【Wireless User List】,and wireless user list screen will prompt.
Figure 6-50 Wireless User List
The following table will introduce wireless user list items.
Table 6-32 Wireless User List
Items Description
AP IP AP’s IP address
AP MAC AP’s MAC address
Access IP address of the access platform.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 104/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Items Description
Platform IP
User MACAddress
MAC address of the user.
SSID WLAN SSID which is used
Session Id Session ID which is used
Tunnel Id The tunnel’s ID
Upline Time Online time
6.6.5 Intrusion Detection Statistics
Click 【Statistics】/【Intrusion Detection Statistics】,and intrusion detection
statistics screen will prompt.
6.6.6 Cycle of Reporting AP Statistics
Click 【Statistics】/【Cycle of Reporting AP Statistics】,and cycle of reporting
AP statistics screen will prompt.
Figure 6-51 Cycle of Reporting AP Statistics
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 105/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.7 Rogue AP
Rogue AP mainly includes【Rogue AP】,【Permitted BSSID List】,【Permitted
SSID List】. The function in detail will be introduced as follows.
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 106/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.7.1 Rogue AP
Click 【Rogue AP】/【Rogue AP】,and rogue AP list screen will prompt.
Figure 6-52 Rogue AP List
Enable rogue AP scanning function, and configure the 5.2.5 AP background
scanning fucntion at the same time will realize the function of rogue APscanning.
The following table will introduce rogue AP configuration items.
Table 6-33 Rogue AP Configuration
Items Description
BSSID Rogue AP’s BSSID
SSID Rogue AP’s SSID
Radio ID Rogue AP’s radio id
Channel Rogue AP’s channel
SignalStrenth(dBm)
Rogue AP’s signal strength
SNR Rogue AP’s SNR
DataTransfer Rate
Rogue AP’s transfer rate
MACAddress
The MAC address of scanning AP.
AP TypeDisplay the scanned AP type. Generally the APdisplayed is rouge AP.
6.7.2 Permitted BSSID List
Click 【Rogue AP】/【Permitted BSSID List】,and permitted BSSID list screen
will prompt.
Figure 6-53 Permitted BSSID List
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 107/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
Choose a BSSID in the rogue AP list to add in permitted BSSID list, and the
corresponding rogue AP will be turned into the lawful AP.
6.7.3 Permitted SSID List
Click 【Rogue AP】/【Permitted SSID List】,and permitted SSID list screen willprompt.
Figure 6-54 Permitted SSID List
Choose a SSID of rogue AP to add in permitted SSID list, and the
corresponding rogue AP will be turned into the lawful AP.
6.8 LOG
Log mainly includes【Operation Log】,【Operation Log Hold Time】,【Alarm
Log】,【AP Log】,【Intrusion Detection Log】. The function in detail will be
introduced as follows.
6.8.1 Operation Log
Click 【LOG】/【Operation Log】,and operation log screen will prompt.
Figure 6-55 Operation Log Search
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 108/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
This screen can query user operation log,including User Login,WLAN,User
Quit,Group Policy,Basic Settings,AP Group List,Rogue AP.Select the operation
need to search in the 【 Operation Type】 option. For example,select
userlogin ,click 【Search】,and the following screen will prompt.
Figure 6-56 Operation Log Query Results
Click 【Remote Save +】,and log will be uploaded to the FTP server specified.
Figure 6-57 Log Saving Remote FTP Server
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 109/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Altai Technologies Ltd. All rights reserved
6.8.2 Operation Log Hold Time
Click 【LOG】/【Operation Log Hold Time】,and operation log hold time
screen will prompt.
Operation log hold time can be set on this screen,and the unit is day.
6.8.3 Alarm Log
Click 【LOG】/【Alarm Log】,and alarm log screen will prompt.
Figure 6-58 Alarm Log
Click 【Download】and log can be saved to the location.
6.8.4 AP Log
Click 【LOG】/【AP Log】,and AP log screen will prompt.
Figure 6-59 AP Log
8/20/2019 Altai Access Controller Configuration Manual _ v2.0
http://slidepdf.com/reader/full/altai-access-controller-configuration-manual-v20 110/110
Access Controller Configuration Manual
TPS14-04_rev2.0
Enable SYSLOG switch,and SYSLOG server can be configured.
6.8.5 Intrusion Detection Log
Click 【LOG】/【Intrusion Detection Log】,and intrusion detection log screen will
prompt.
Figure 6-60 Intrusion Detection Log